Edit tour

Windows Analysis Report
MSG.docx

Overview

General Information

Sample name:	MSG.docx
Analysis ID:	1432328
MD5:	80a08672a3ea9cb9b3bf2eb7eef46058
SHA1:	4e105a2c1d4aac7927a0d54422654fc2c481fb5f
SHA256:	797051ff4e6ab6de818abdc5a13151c76f25b529f9f4da90013d0a3d4e6685df
Infos:

Detection

Score:	48
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus detection for URL or domain

Document misses a certain OLE stream usually present in this Microsoft Office document type

HTML page contains hidden URLs or javascript code

IP address seen in connection with other malware

Classification

Process Tree

System is w7x64

WINWORD.EXE (PID: 1052 cmdline: "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /Automation -Embedding MD5: 9EE74859D22DAE61F1750B3A1BACB6F5)

chrome.exe (PID: 2768 cmdline: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://pub-386b08e75b554ed78af5f51b01d7e1d8.r2.dev/linkofinformationtech.html#am9lc0BvYXBjLmNvbQ== MD5: FFA2B8E17F645BCC20F0E0201FEF83ED)

chrome.exe (PID: 3224 cmdline: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1408 --field-trial-handle=1276,i,9089814840846958116,12399007445428580176,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: FFA2B8E17F645BCC20F0E0201FEF83ED)

cleanup

Sigma Signatures

Sigma detected: Office Macro File Creation

Source: File created

Author: Nasreddine Bencherchali (Nextron Systems): Data: EventID: 11, Image: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE, ProcessId: 1052, TargetFilename: C:\Users\user\AppData\Roaming\Microsoft\Templates\~$Normal.dotm

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus detection for URL or domain

Source: https://pub-386b08e75b554ed78af5f51b01d7e1d8.r2.dev/linkofinformationtech.html#am9lc0BvYXBjLmNvbQ==

SlashNext: Label: Credential Stealing type: Phishing & Social Engineering

Source: https://pub-386b08e75b554ed78af5f51b01d7e1d8.r2.dev/linkofinformationtech.html#am9lc0BvYXBjLmNvbQ==

HTTP Parser: Base64 decoded: https://navipahat.in/wp-includes/host%5b24.0%5d/7468c09.php

Source: https://pub-386b08e75b554ed78af5f51b01d7e1d8.r2.dev/linkofinformationtech.html#am9lc0BvYXBjLmNvbQ==

HTTP Parser: No favicon

Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\Google	Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\Google\GoogleUpdater	Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\chrome_BITS_2768_2041681820	Jump to behavior

Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE

File opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dll

Jump to behavior

Source: Joe Sandbox View	IP Address: 104.18.3.35 104.18.3.35
Source: Joe Sandbox View	IP Address: 239.255.255.250 239.255.255.250
Source: Joe Sandbox View	IP Address: 104.17.2.184 104.17.2.184

Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE

File created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{F6481146-C418-4192-8EA3-C130B10535CF}.tmp

Jump to behavior

Source: global traffic	HTTP traffic detected: GET /linkofinformationtech.html HTTP/1.1Host: pub-386b08e75b554ed78af5f51b01d7e1d8.r2.devConnection: keep-alivesec-ch-ua: "Not_A Brand";v="99", "Google Chrome";v="109", "Chromium";v="109"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /turnstile/v0/api.js?onload=onloadTurnstileCallback HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Not_A Brand";v="99", "Google Chrome";v="109", "Chromium";v="109"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://pub-386b08e75b554ed78af5f51b01d7e1d8.r2.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /turnstile/v0/b/471dc2adc340/api.js?onload=onloadTurnstileCallback HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Not_A Brand";v="99", "Google Chrome";v="109", "Chromium";v="109"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://pub-386b08e75b554ed78af5f51b01d7e1d8.r2.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: pub-386b08e75b554ed78af5f51b01d7e1d8.r2.devConnection: keep-alivesec-ch-ua: "Not_A Brand";v="99", "Google Chrome";v="109", "Chromium";v="109"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://pub-386b08e75b554ed78af5f51b01d7e1d8.r2.dev/linkofinformationtech.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: pub-386b08e75b554ed78af5f51b01d7e1d8.r2.dev
Source: global traffic	DNS traffic detected: DNS query: challenges.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: navipahat.in
Source: global traffic	DNS traffic detected: DNS query: www.google.com

Source: global traffic

HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 26 Apr 2024 19:27:02 GMTContent-Type: text/htmlContent-Length: 27242Connection: closeServer: cloudflareCF-RAY: 87a8f7c48dd3b3e0-MIA

Source: chromecache_100.3.dr	String found in binary or memory: https://challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallback
Source: chromecache_98.3.dr	String found in binary or memory: https://developers.cloudflare.com/r2/data-access/public-buckets/
Source: chromecache_100.3.dr	String found in binary or memory: https://navipahat.in/wp-includes/host%5b24.0%5d/admin/js/sc.php?r=ZW0sZW1haWwsYWRk
Source: chromecache_98.3.dr	String found in binary or memory: https://www.cloudflare.com/favicon.ico

Source: unknown	Network traffic detected: HTTP traffic on port 49161 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49169
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49168
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49167
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49166
Source: unknown	Network traffic detected: HTTP traffic on port 49165 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49165
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49173
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49161
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49171
Source: unknown	Network traffic detected: HTTP traffic on port 49168 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49169 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49167 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49171 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49166 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49173 -> 443

Source: ~WRF{89E871C7-A4A1-42CB-8C0A-A87B5A9E4683}.tmp.0.dr

OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false

Source: classification engine

Classification label: mal48.winDOCX@18/16@10/5

Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

File created: C:\Program Files\Google

Jump to behavior

Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE

File created: C:\Users\user\Desktop\~$MSG.docx

Jump to behavior

Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE

File created: C:\Users\user\AppData\Local\Temp\CVR7B75.tmp

Jump to behavior

Source: MSG.docx

OLE indicator, Word Document stream: true

Source: ~WRF{89E871C7-A4A1-42CB-8C0A-A87B5A9E4683}.tmp.0.dr	OLE document summary: title field not present or empty
Source: ~WRF{89E871C7-A4A1-42CB-8C0A-A87B5A9E4683}.tmp.0.dr	OLE document summary: author field not present or empty
Source: ~WRF{89E871C7-A4A1-42CB-8C0A-A87B5A9E4683}.tmp.0.dr	OLE document summary: edited time not present or 0

Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE

File read: C:\Users\desktop.ini

Jump to behavior

Source: unknown	Process created: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /Automation -Embedding
Source: unknown	Process created: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://pub-386b08e75b554ed78af5f51b01d7e1d8.r2.dev/linkofinformationtech.html#am9lc0BvYXBjLmNvbQ==
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1408 --field-trial-handle=1276,i,9089814840846958116,12399007445428580176,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1408 --field-trial-handle=1276,i,9089814840846958116,12399007445428580176,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: MSG.LNK.0.dr

LNK file: ..\..\..\..\..\Desktop\MSG.docx

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: MSG.docx	Initial sample: OLE zip file path = word/_rels/footnotes.xml.rels
Source: MSG.docx	Initial sample: OLE zip file path = word/comments.xml
Source: MSG.docx	Initial sample: OLE zip file path = docProps/custom.xml

Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\StartupItems

Jump to behavior

Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\Google	Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\Google\GoogleUpdater	Jump to behavior
Source: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\chrome_BITS_2768_2041681820	Jump to behavior

Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE

File opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dll

Jump to behavior

Source: MSG.docx

Initial sample: OLE indicators vbamacros = False

Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	3 Masquerading	OS Credential Dumping	1 File and Directory Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Process Injection	LSASS Memory	1 System Information Discovery	Remote Desktop Protocol	Data from Removable Media	3 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	4 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	4 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label
https://pub-386b08e75b554ed78af5f51b01d7e1d8.r2.dev/linkofinformationtech.html#am9lc0BvYXBjLmNvbQ==	100%	SlashNext	Credential Stealing type: Phishing & Social Engineering
https://pub-386b08e75b554ed78af5f51b01d7e1d8.r2.dev/favicon.ico	0%	Avira URL Cloud	safe
https://navipahat.in/wp-includes/host%5b24.0%5d/admin/js/sc.php?r=ZW0sZW1haWwsYWRk	0%	Avira URL Cloud	safe
https://pub-386b08e75b554ed78af5f51b01d7e1d8.r2.dev/linkofinformationtech.html	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
navipahat.in	192.185.166.178	true	false	unknown
pub-386b08e75b554ed78af5f51b01d7e1d8.r2.dev	104.18.3.35	true	false	unknown
challenges.cloudflare.com	104.17.2.184	true	false	high
www.google.com	142.251.116.106	true	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://pub-386b08e75b554ed78af5f51b01d7e1d8.r2.dev/linkofinformationtech.html#am9lc0BvYXBjLmNvbQ==	true	SlashNext: Credential Stealing type: Phishing & Social Engineering	unknown
https://challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallback	false		high
https://pub-386b08e75b554ed78af5f51b01d7e1d8.r2.dev/favicon.ico	false	Avira URL Cloud: safe	unknown
https://challenges.cloudflare.com/turnstile/v0/b/471dc2adc340/api.js?onload=onloadTurnstileCallback	false		high
https://pub-386b08e75b554ed78af5f51b01d7e1d8.r2.dev/linkofinformationtech.html	false	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://navipahat.in/wp-includes/host%5b24.0%5d/admin/js/sc.php?r=ZW0sZW1haWwsYWRk	chromecache_100.3.dr	false	Avira URL Cloud: safe	unknown
https://www.cloudflare.com/favicon.ico	chromecache_98.3.dr	false		high
https://developers.cloudflare.com/r2/data-access/public-buckets/	chromecache_98.3.dr	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
192.185.166.178	navipahat.in	United States	46606	UNIFIEDLAYER-AS-1US	false
104.18.3.35	pub-386b08e75b554ed78af5f51b01d7e1d8.r2.dev	United States	13335	CLOUDFLARENETUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
142.251.116.106	www.google.com	United States	15169	GOOGLEUS	false
104.17.2.184	challenges.cloudflare.com	United States	13335	CLOUDFLARENETUS	false

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1432328
Start date and time:	2024-04-26 21:25:20 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 4m 12s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsofficecookbook.jbs
Analysis system description:	Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)
Number of analysed new started processes analysed:	6
Number of new started drivers analysed:	4
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	MSG.docx
Detection:	MAL
Classification:	mal48.winDOCX@18/16@10/5
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	Found application associated with file extension: .docx Found Word or Excel or PowerPoint or XPS Viewer Attach to Office via COM Scroll down Close Viewer

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, vga.dll, WMIADAP.exe
Excluded IPs from analysis (whitelisted): 142.250.115.94, 142.250.114.102, 142.250.114.100, 142.250.114.101, 142.250.114.139, 142.250.114.113, 142.250.114.138, 142.250.113.84, 34.104.35.123
Excluded domains from analysis (whitelisted): clients2.google.com, accounts.google.com, edgedl.me.gvt1.com, update.googleapis.com, clientservices.googleapis.com, clients.l.google.com
HTTPS proxy raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtQueryValueKey calls found.
VT rate limit hit for: MSG.docx

Source	URL
Screenshot	https://pub-386b08e75b554ed78af5f51b01d7e1d8.r2.dev/linkofinformationtech.html#am9lc0BvYXBjLmNvbQ==
Screenshot	https://pub-386b08e75b554ed78af5f51b01d7e1d8.r2.dev/linkofinformationtech.html#am9lc0BvYXBjLmNvbQ==
Screenshot	https://pub-386b08e75b554ed78af5f51b01d7e1d8.r2.dev/linkofinformationtech.html#am9lc0BvYXBjLmNvbQ==
Screenshot	https://pub-386b08e75b554ed78af5f51b01d7e1d8.r2.dev/linkofinformationtech.html#am9lc0BvYXBjLmNvbQ==
Screenshot	https://pub-386b08e75b554ed78af5f51b01d7e1d8.r2.dev/linkofinformationtech.html#am9lc0BvYXBjLmNvbQ==

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
104.18.3.35	http://pub-e0fbd798f1254106a8d627bd480831e7.r2.dev/index_update.html/	Get hash	malicious	Unknown	Browse	pub-e0fbd798f1254106a8d627bd480831e7.r2.dev/index_update.html/
	http://pub-64b6655e667e44b99068622fd5dabd15.r2.dev/savv.html	Get hash	malicious	HTMLPhisher	Browse	pub-64b6655e667e44b99068622fd5dabd15.r2.dev/savv.html
	http://pub-30e09a695d384119ae7a85a4f4ba9446.r2.dev/kmpn.html	Get hash	malicious	HTMLPhisher	Browse	pub-30e09a695d384119ae7a85a4f4ba9446.r2.dev/kmpn.html
	http://pub-5d09e89ff38240f2b559297a9206beea.r2.dev/auth.html?email=3mail@b.c	Get hash	malicious	HTMLPhisher	Browse	pub-5d09e89ff38240f2b559297a9206beea.r2.dev/auth.html?email=3mail@b.c
239.255.255.250	https://open.camscanner.com/doc/download_file?platform=web&type=118&sid=8c5645d2944c4b262e3b5813d266f0d5&title=ProjectUpdate-X	Get hash	malicious	HTMLPhisher	Browse
	https://doc-42.jimdosite.com/	Get hash	malicious	HTMLPhisher	Browse
	https://live.easygenerator.com/review/course/3850bd4a-58ae-47b2-bb6f-157e213d949f/	Get hash	malicious	Unknown	Browse
	https://webcompanion.com/nano_download.php?	Get hash	malicious	Unknown	Browse
	https://cdp1.tracking.e360.salesforce.com/click?jwt=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ0ZW5hbnRfaWQiOiJhMzYwL3Byb2QvNTBhMGYyODg2ZTg4NDA3Y2I1ODUwYmRjOWQwZGIxZTUiLCJjcmVhdGlvbl90aW1lIjoxNzE0MTQxMDYyLCJtZXNzYWdlX2lkIjoiMGd5MHB6amd2a3hmeTlnN24wNzkzdzQ3IzIzYWUwMmFhLWVjMDQtNGYwMy1iODk3LWM4NjMyYzU3ZDIxMyIsImNoYW5uZWxfdHlwZSI6ImVtYWlsIiwiZXhwIjoxNzQ1Njc3MDYyLCJyZWRpcmVjdF91cmwiOiJodHRwczovL3ZtbWVzc2FuZ2VyLnJkb2NtZ2xvYmFsLmNvbS9kb2NzL2luZGV4LnBocD9tYWlsPSUyMHNlYW4uZnVlbGxoYXJ0QGJhbmthdGNpdHkuY29tJnBhdGhzPWFib3ZlJmxpbms9RmF4X091dGxvb2siLCJpbmRpdmlkdWFsX2lkIjoiNDBmMjcwMDVjM2U0ZWRkMzE4MTUyNDIxMWMwZmNiZDYifQ.HuxvS7w7UGVjl7M8LBH9yLcIGAIbx_lymrlb7oZbnQ4	Get hash	malicious	Captcha Phish	Browse
	https://gjyefv.degaris.com/	Get hash	malicious	HTMLPhisher	Browse
	Scanned from Xerox Multi.......rtf	Get hash	malicious	HTMLPhisher	Browse
	INETCwsSDezirces.dll	Get hash	malicious	Unknown	Browse
	https://xxxjns2qi.z13.web.core.windows.net/	Get hash	malicious	TechSupportScam	Browse
	https://mss.ehs2.com/?dilywvqc	Get hash	malicious	Unknown	Browse
104.17.2.184	https://gjyefv.degaris.com/	Get hash	malicious	HTMLPhisher	Browse
	https://control.mailblaze.com/index.php/survey/wq790f4mf09e0	Get hash	malicious	HtmlDropper, HTMLPhisher	Browse
	https://unilever3.demdex.net/firstevent?d_event=click&d_bu=317196&c_medium=display&c_destination=Retailer&c_country=BD&c_campaignname=L-LifebuoyHandsanitizerLaunchComm&c_prodcat=CH1097&c_brandcode=BH0300&d_adgroup=All_KV&c_contenttype=display&c_source=Dhaka%20Tribune&d_rd=https://campaign-statistics.com/link_click/PidJvkyg2S_O4JTm/159dfdb0ade49a7c5597d3c1d9bd3d8a	Get hash	malicious	Unknown	Browse
	https://gelw.nalverd.com/AvGEoxV/	Get hash	malicious	HTMLPhisher	Browse
	https://deebmpapst.ordineproposal.top/	Get hash	malicious	Unknown	Browse
	http://callumsyed.net/	Get hash	malicious	HtmlDropper, HTMLPhisher	Browse
	https://c-m-c-group.com/	Get hash	malicious	HtmlDropper, HTMLPhisher	Browse
	https://autode.sk/4bb5BeV	Get hash	malicious	HtmlDropper, HTMLPhisher	Browse
	http://neoparts.com.br./driz/oybe/am9sZW5lLmJ1cm5zQHNlY3VydXN0ZWNobm9sb2dpZXMuY29t$?utp=consumer&	Get hash	malicious	HTMLPhisher	Browse
	https://web.lehighvalleychamber.org/cwt/external/wcpages/referral.aspx?ReferralType=W&ProfileID=5337&ListingID=4065&CategoryID=74&SubCategoryID=0&url=//sanemedia.ca/owaow/yjyo8q/bWFyaWEud29qY2llY2hvd3NraUBjby5tb25tb3V0aC5uai51cw==	Get hash	malicious	HTMLPhisher	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
challenges.cloudflare.com	https://doc-42.jimdosite.com/	Get hash	malicious	HTMLPhisher	Browse	104.17.3.184
	https://gjyefv.degaris.com/	Get hash	malicious	HTMLPhisher	Browse	104.17.3.184
	Scanned from Xerox Multi.......rtf	Get hash	malicious	HTMLPhisher	Browse	104.17.3.184
	https://control.mailblaze.com/index.php/survey/wq790f4mf09e0	Get hash	malicious	HtmlDropper, HTMLPhisher	Browse	104.17.3.184
	https://unilever3.demdex.net/firstevent?d_event=click&d_bu=317196&c_medium=display&c_destination=Retailer&c_country=BD&c_campaignname=L-LifebuoyHandsanitizerLaunchComm&c_prodcat=CH1097&c_brandcode=BH0300&d_adgroup=All_KV&c_contenttype=display&c_source=Dhaka%20Tribune&d_rd=https://campaign-statistics.com/link_click/PidJvkyg2S_O4JTm/159dfdb0ade49a7c5597d3c1d9bd3d8a	Get hash	malicious	Unknown	Browse	104.17.2.184
	https://gelw.nalverd.com/AvGEoxV/	Get hash	malicious	HTMLPhisher	Browse	104.17.3.184
	https://deebmpapst.ordineproposal.top/	Get hash	malicious	Unknown	Browse	104.17.2.184
	https://powerpointmicrosoftoffice.top/	Get hash	malicious	Unknown	Browse	104.17.3.184
	http://callumsyed.net/	Get hash	malicious	HtmlDropper, HTMLPhisher	Browse	104.17.3.184
	https://c-m-c-group.com/	Get hash	malicious	HtmlDropper, HTMLPhisher	Browse	104.17.2.184

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
UNIFIEDLAYER-AS-1US	https://doc-42.jimdosite.com/	Get hash	malicious	HTMLPhisher	Browse	192.185.144.111
	https://control.mailblaze.com/index.php/survey/wq790f4mf09e0	Get hash	malicious	HtmlDropper, HTMLPhisher	Browse	162.241.114.35
	rPO50018137-14_pdf.exe	Get hash	malicious	AgentTesla, PureLog Stealer, RedLine	Browse	108.167.140.123
	http://www.alserhgroup.com/	Get hash	malicious	Unknown	Browse	192.185.48.207
	Packing List PDF.bat.exe	Get hash	malicious	AgentTesla, PureLog Stealer	Browse	50.87.195.61
	PONO6188.vbs	Get hash	malicious	AgentTesla, GuLoader	Browse	192.185.13.234
	Payment details.exe	Get hash	malicious	AgentTesla	Browse	50.87.145.190
	Docs.exe	Get hash	malicious	AgentTesla	Browse	50.87.219.149
	PO#50124.exe	Get hash	malicious	AgentTesla	Browse	50.87.219.149
	http://www.tbmuae.com/	Get hash	malicious	GRQ Scam	Browse	198.57.149.230
CLOUDFLARENETUS	https://open.camscanner.com/doc/download_file?platform=web&type=118&sid=8c5645d2944c4b262e3b5813d266f0d5&title=ProjectUpdate-X	Get hash	malicious	HTMLPhisher	Browse	104.21.89.211
	https://doc-42.jimdosite.com/	Get hash	malicious	HTMLPhisher	Browse	104.17.3.184
	https://live.easygenerator.com/review/course/3850bd4a-58ae-47b2-bb6f-157e213d949f/	Get hash	malicious	Unknown	Browse	104.18.12.112
	https://webcompanion.com/nano_download.php?	Get hash	malicious	Unknown	Browse	104.19.208.152
	https://cdp1.tracking.e360.salesforce.com/click?jwt=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ0ZW5hbnRfaWQiOiJhMzYwL3Byb2QvNTBhMGYyODg2ZTg4NDA3Y2I1ODUwYmRjOWQwZGIxZTUiLCJjcmVhdGlvbl90aW1lIjoxNzE0MTQxMDYyLCJtZXNzYWdlX2lkIjoiMGd5MHB6amd2a3hmeTlnN24wNzkzdzQ3IzIzYWUwMmFhLWVjMDQtNGYwMy1iODk3LWM4NjMyYzU3ZDIxMyIsImNoYW5uZWxfdHlwZSI6ImVtYWlsIiwiZXhwIjoxNzQ1Njc3MDYyLCJyZWRpcmVjdF91cmwiOiJodHRwczovL3ZtbWVzc2FuZ2VyLnJkb2NtZ2xvYmFsLmNvbS9kb2NzL2luZGV4LnBocD9tYWlsPSUyMHNlYW4uZnVlbGxoYXJ0QGJhbmthdGNpdHkuY29tJnBhdGhzPWFib3ZlJmxpbms9RmF4X091dGxvb2siLCJpbmRpdmlkdWFsX2lkIjoiNDBmMjcwMDVjM2U0ZWRkMzE4MTUyNDIxMWMwZmNiZDYifQ.HuxvS7w7UGVjl7M8LBH9yLcIGAIbx_lymrlb7oZbnQ4	Get hash	malicious	Captcha Phish	Browse	1.1.1.1
	https://gjyefv.degaris.com/	Get hash	malicious	HTMLPhisher	Browse	104.17.2.184
	Scanned from Xerox Multi.......rtf	Get hash	malicious	HTMLPhisher	Browse	172.67.167.15
	https://xxxjns2qi.z13.web.core.windows.net/	Get hash	malicious	TechSupportScam	Browse	104.21.53.38
	https://control.mailblaze.com/index.php/survey/wq790f4mf09e0	Get hash	malicious	HtmlDropper, HTMLPhisher	Browse	104.21.58.67
	neo.msi	Get hash	malicious	Latrodectus	Browse	172.67.219.28
CLOUDFLARENETUS	https://open.camscanner.com/doc/download_file?platform=web&type=118&sid=8c5645d2944c4b262e3b5813d266f0d5&title=ProjectUpdate-X	Get hash	malicious	HTMLPhisher	Browse	104.21.89.211
	https://doc-42.jimdosite.com/	Get hash	malicious	HTMLPhisher	Browse	104.17.3.184
	https://live.easygenerator.com/review/course/3850bd4a-58ae-47b2-bb6f-157e213d949f/	Get hash	malicious	Unknown	Browse	104.18.12.112
	https://webcompanion.com/nano_download.php?	Get hash	malicious	Unknown	Browse	104.19.208.152
	https://cdp1.tracking.e360.salesforce.com/click?jwt=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ0ZW5hbnRfaWQiOiJhMzYwL3Byb2QvNTBhMGYyODg2ZTg4NDA3Y2I1ODUwYmRjOWQwZGIxZTUiLCJjcmVhdGlvbl90aW1lIjoxNzE0MTQxMDYyLCJtZXNzYWdlX2lkIjoiMGd5MHB6amd2a3hmeTlnN24wNzkzdzQ3IzIzYWUwMmFhLWVjMDQtNGYwMy1iODk3LWM4NjMyYzU3ZDIxMyIsImNoYW5uZWxfdHlwZSI6ImVtYWlsIiwiZXhwIjoxNzQ1Njc3MDYyLCJyZWRpcmVjdF91cmwiOiJodHRwczovL3ZtbWVzc2FuZ2VyLnJkb2NtZ2xvYmFsLmNvbS9kb2NzL2luZGV4LnBocD9tYWlsPSUyMHNlYW4uZnVlbGxoYXJ0QGJhbmthdGNpdHkuY29tJnBhdGhzPWFib3ZlJmxpbms9RmF4X091dGxvb2siLCJpbmRpdmlkdWFsX2lkIjoiNDBmMjcwMDVjM2U0ZWRkMzE4MTUyNDIxMWMwZmNiZDYifQ.HuxvS7w7UGVjl7M8LBH9yLcIGAIbx_lymrlb7oZbnQ4	Get hash	malicious	Captcha Phish	Browse	1.1.1.1
	https://gjyefv.degaris.com/	Get hash	malicious	HTMLPhisher	Browse	104.17.2.184
	Scanned from Xerox Multi.......rtf	Get hash	malicious	HTMLPhisher	Browse	172.67.167.15
	https://xxxjns2qi.z13.web.core.windows.net/	Get hash	malicious	TechSupportScam	Browse	104.21.53.38
	https://control.mailblaze.com/index.php/survey/wq790f4mf09e0	Get hash	malicious	HtmlDropper, HTMLPhisher	Browse	104.21.58.67
	neo.msi	Get hash	malicious	Latrodectus	Browse	172.67.219.28

Process:	C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
File Type:	PNG image data, 180 x 180, 1-bit grayscale, non-interlaced
Category:	dropped
Size (bytes):	456
Entropy (8bit):	7.287712404075176
Encrypted:	false
SSDEEP:	12:6v/78DktD1pNAcfI+lnYjPU5pF6SmORIrtAZn:E7fICnYjyzK/E
MD5:	4D46489A6AB46C02EA0A7DE3818E456C
SHA1:	1C5CD1B65478994C5E607E5E7DF32644CE299C23
SHA-256:	8E12104BE53F15870E532E721C6B5FEE99384CC46CC8D5B926725F22AB292507
SHA-512:	D2ABA6492F64DBF2F99EADEE3DDDBAB0A9F96ABF3BBF8C63A2B258AB7EC4A2B457F7A9BB5DB0B52706E8A9455388997433765DF0BEDC6ACA205BC836AA25D2E4
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR...............;.....pHYs...a...a..?.i...zIDATx..An.1...~@...~.j.mO....K.$..A.).b4/W...}I.S..=....^...o..O.F.._..72W./..5...d..u%~.Q.u!......y.....8.X..>v.(x......s`Q2.f=...7xu....LLs....W...DP...7{.L}.?...s?m6q....H]<..Z.R.{.,?.~........=..V....#;....:]_...h=b....<.ii.@.1.e.H..........L}feZ...y.'...J.>....?..@g......P.6....}. .yPJ..KC.9.....L.....o.........G&.N...e..-..._.>c.A+....l.S....(.......?........Q`^f>....IEND.B`.

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\F694EF49.png

Download File

Process:	C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
File Type:	PNG image data, 108 x 24, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	1057
Entropy (8bit):	7.6851406288304105
Encrypted:	false
SSDEEP:	24:Qb0EcwtZDFHs70yTIy9pEq0WVBtXVMDug3iLRciNe47zz:QIEFA7pdl3tFEWRRPz
MD5:	ED9C9EB0DCE17D752BEDEA6B5ACDA6D9
SHA1:	ECA56C4904354EED5DA0DEBCD6BD66856AB4784D
SHA-256:	F664B8138C2DA6EC7565500A7CC839DA6372614A31DC04C5A2169A26B8D9767C
SHA-512:	3BFB696318DDB93540140DBCD4DBB32F129441E46EE752C6B7379624488533BA27CC7EFF3CAE444C1797CA6EECDF333EDAF443AC84CDEB037A890967091CF91C
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	.PNG........IHDR...l.................pHYs...........~.....IDATh..XMN.P..\.E......' ,.-.$'.H....s...1.vQ.......4.........-.<......{..\|.?.w[4....A.=h<>.......7..t.u..]A{..&...,..h.`D4.01]......H.&..C.w...@......a..3..H.aR.=.g.(.0.6...;Wl...X.X..G.Bf.....D4...K..p... ..hh.-b.R.Z....Z..zYQc}....u^..R.Dzm$..%c".....C.z.\&U9P..0.3s*..31..@...W..2....yG.....c)k.F....3.I!....2..F.....`%1.....-..U.s(.p..S.($/...}(.5.\"k.+.I.Q...cb....kt..o.`.........%L....;.J.[..b.xx)c,X7.....)..'.n..H=E<.B.].g.}f.o...........znJ.....Q$....7...#.&..g.D..X....F..~=...%IQ.........e.....>.R..............s..[.D\|l.n&..a06..d.5.5YGC..3N......<..Pt..\<{b...i.....)!.....8...0.t_.....8..T.......)G.-mzK....../..TDK..k..s"ch.0....i..`...`V..H.Q"...x......!.."..Q..%3O.L.....$....e.s.m..\|\|.......AD."...#.%b,'..r!.}c...X!2kCD6..iX.\@S..3Er....B...D...%.O...(._...-....{b......z........r.N..W2....L.1~-.J.?.l....?..q:..W.5&.....\|..>.B...G.oa.S.....1......Zo...q.....

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRF{89E871C7-A4A1-42CB-8C0A-A87B5A9E4683}.tmp

Download File

Process:	C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
File Type:	Composite Document File V2 Document, Cannot read section info
Category:	dropped
Size (bytes):	2560
Entropy (8bit):	1.4225547553671973
Encrypted:	false
SSDEEP:	12:rl3lTpFQDlOIfdt/4fdt/4CIW9E//4W9E//4CICICb77:rnOtoGXYX
MD5:	14F29D612A65B2AF4A76D974A746D0A7
SHA1:	84A16B0A43586BCCB018B359BAA925948461E5CF
SHA-256:	10AD3E51F897B49A7FCE2F449C11954B2E07C45801DA6F05959FFA07FC1A4E9A
SHA-512:	2823AC5694852B328E3019575C725894DD1FA30B8DEAEC168D59ADE44757F2416B29CF6EC8575F64D3CDD306C1DB2B9A817AAF92466DAAA8967DC8995205230D
Malicious:	false
Reputation:	low
Preview:	......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{67B84FBD-E5CF-484E-8E16-CA82898FEABF}.tmp

Download File

Process:	C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
File Type:	data
Category:	dropped
Size (bytes):	2418
Entropy (8bit):	2.961207259429166
Encrypted:	false
SSDEEP:	48:UDor0cGkk3LsWapZK9jAWZvcbmd4HLyLRS7xyChURfM:UDoCH35i4WWcbXryB4
MD5:	D12F5AB5CC403072634BF51BB16FDDD1
SHA1:	F1260888949D32564B4DCB2F6FE7E9795E3759BF
SHA-256:	4F5E737E68454279C4C6589B87AFC4F55845ABA10A2B6CC843136B93D9EA3249
SHA-512:	029C2C111EDA743F3CBC666A019E688E743F59E3FE494DC74DAA552B02E4BCC3E04CBE1E598A749B4758653A0D0E47D8EBFCD6EC2D415B0DB4972C514039959D
Malicious:	false
Reputation:	low
Preview:	../.....O.a.p.c. .Q.1. .2.0.2.4. .F.u.n.d. .I.I. .F.i.n.a.n.c.i.a.l. .R.e.p.o.r.t.s. .-. .T.h.u.r.s.d.a.y.-.A.p.r.i.l.-.2.0.2.4. .1.0.:.2.4. .A.M.........D.e.a.r. .J.o.e.s....... .P.l.e.a.s.e. .b.e. .i.n.f.o.r.m.e.d.;. .u.p.d.a.t.e.d. .F.u.n.d. .I.I. .Q.1. .F.i.n.a.n.c.i.a.l.s. .J.a.n.u.a.r.y.,.F.e.b.r.u.a.r.y. .a.n.d. .M.a.r.c.h. .2.0.2.4. .a.r.e. .n.o.w. .a.v.a.i.l.a.b.l.e.....-.2.0.2.4. .J.a.n. .R.e.p.o.r.t.i.n.g...-.2.0.2.4. .F.e.b. .R.e.p.o.r.t.i.n.g...-.2.0.2.4. .M.a.r. .R.e.p.o.r.t.i.n.g.........................................~...........................................`.......p.......................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{F6481146-C418-4192-8EA3-C130B10535CF}.tmp

Download File

Process:	C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
File Type:	data
Category:	dropped
Size (bytes):	1024
Entropy (8bit):	0.05390218305374581
Encrypted:	false
SSDEEP:	3:ol3lYdn:4Wn
MD5:	5D4D94EE7E06BBB0AF9584119797B23A
SHA1:	DBB111419C704F116EFA8E72471DD83E86E49677
SHA-256:	4826C0D860AF884D3343CA6460B0006A7A2CE7DBCCC4D743208585D997CC5FD1
SHA-512:	95F83AE84CAFCCED5EAF504546725C34D5F9710E5CA2D11761486970F2FBECCB25F9CF50BBFC272BD75E1A66A18B7783F09E1C1454AFDA519624BC2BB2F28BA4
Malicious:	false
Reputation:	high, very likely benign file
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\mso7E34.tmp

Download File

Process:	C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
File Type:	GIF image data, version 89a, 15 x 15
Category:	dropped
Size (bytes):	663
Entropy (8bit):	5.949125862393289
Encrypted:	false
SSDEEP:	12:PlrojAxh4bxdtT/CS3wkxWHMGBJg8E8gKVYQezuYEecp:trPsTTaWKbBCgVqSF
MD5:	ED3C1C40B68BA4F40DB15529D5443DEC
SHA1:	831AF99BB64A04617E0A42EA898756F9E0E0BCCA
SHA-256:	039FE79B74E6D3D561E32D4AF570E6CA70DB6BB3718395BE2BF278B9E601279A
SHA-512:	C7B765B9AFBB9810B6674DBC5C5064ED96A2682E78D5DFFAB384D81EDBC77D01E0004F230D4207F2B7D89CEE9008D79D5FBADC5CB486DA4BC43293B7AA878041
Malicious:	false
Reputation:	high, very likely benign file
Preview:	GIF89a....w..!..MSOFFICE9.0.....sRGB......!..MSOFFICE9.0.....msOPMSOFFICE9.0Dn&P3.!..MSOFFICE9.0.....cmPPJCmp0712.........!.......,....................'..;..b...RQ.xx..................,+................................yy..;..b.........................qp.bb..........uv.ZZ.LL.......xw.jj.NN.A@....zz.mm.^_.........yw........yx.xw.RR.,.++............................................................................................................................................................................................................8....>.......................4567...=..../0123.....<9:.()+,-.B.@...."#$%&'....... !............C.?....A;<...HT(..;

C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\MSG.LNK

Download File

Process:	C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Fri Aug 11 15:42:10 2023, mtime=Fri Aug 11 15:42:10 2023, atime=Fri Apr 26 18:26:10 2024, length=14129, window=hide
Category:	dropped
Size (bytes):	980
Entropy (8bit):	4.501594094275527
Encrypted:	false
SSDEEP:	12:8ICJ5C1gXg/XAlCPCHaXKBn/mgB/qPX+WmxsNXPsicvb1F1fjmNDtZ3YilMMEpxL:8k/XT6L4YxgneNbCDv3qkk7N
MD5:	677A5602C5713E2F14FB1F991F74DE45
SHA1:	07B9F4C9216F1D4B8F50C3755CBB03AFE241F81D
SHA-256:	DC7047605867EFD56E383110B3E285C93792C1D80F01B165F657658E2AF5482A
SHA-512:	73AFC16153982CF7E4ECB4ABD6A715B12D5670E8E995CC99DCA7B66279C9DC9E7595A9356AACA1BB1E7B5522FF0996C0CBF6E23718D61E4B2F74B9C900AF9E86
Malicious:	false
Reputation:	low
Preview:	L..................F.... .....9.r.....9.r....W.....17...........................P.O. .:i.....+00.../C:\...................t.1.....QK.X..Users.`.......:..QK.X...................6.....U.s.e.r.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.8.1.3.....L.1......XC...user.8......QK.X.XC....&=....U...............A.l.b.u.s.....z.1......WG...Desktop.d......QK.X.WG...._=..............:.....D.e.s.k.t.o.p...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.6.9.....V.2.17...XF. .MSG~1.DOC.>.......WF..WF..........................M.S.G...d.o.c.x.......r...............-...8...[............?J......C:\Users\..#...................\\138727\Users.user\Desktop\MSG.docx.......\.....\.....\.....\.....\.D.e.s.k.t.o.p.\.M.S.G...d.o.c.x.........:..,.LB.)...Ag...............1SPS.XF.L8C....&.m.m............-...S.-.1.-.5.-.2.1.-.9.6.6.7.7.1.3.1.5.-.3.0.1.9.4.0.5.6.3.7.-.3.6.7.3.3.6.4.7.7.-.1.0.0.6.............`.......X.......138727..........D_....3N...W...9.W.e8...8.....[D_....3N...W...9.W.e8...8.....[....

C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat

Download File

Process:	C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
File Type:	Generic INItialization configuration [folders]
Category:	dropped
Size (bytes):	41
Entropy (8bit):	4.381942248520523
Encrypted:	false
SSDEEP:	3:HjvrFom4DidrFov:Hjv5nd5y
MD5:	12F3BBEB79DE6F44C4921B0714FE7701
SHA1:	A57C07EA5674CDCCB4CA69E85D5813EE77F7716E
SHA-256:	CC1E43AB57B09CD39EAEF3EF0AA3D133EDEF14BBFC383BDF0DEBF2FB8DF98F9F
SHA-512:	C5FFCA85CA88FBB0DC33155ACC4DA98ED2C3EDCEAC7959D900772BE887A7189B431E438FEACDA375E0A76C5862B27F605CA9E34D42BD30D4148C87F9B2851B12
Malicious:	false
Preview:	[misc]..MSG.LNK=0..[folders]..MSG.LNK=0..

C:\Users\user\AppData\Roaming\Microsoft\Templates\~$Normal.dotm

Download File

Process:	C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
File Type:	data
Category:	dropped
Size (bytes):	162
Entropy (8bit):	2.5038355507075254
Encrypted:	false
SSDEEP:	3:vrJlaCkWtVyNyB9Kyz2FWWtGLHV/ln:vdsCkWtC5+dl
MD5:	954EBA139F03B75841570D5E6E9B72D9
SHA1:	326ABC7B177953C72FF5B4E4272ACEF006B315D8
SHA-256:	1A543E58BA34C93358B12239CB6793B7A888A6EC4DFA36C3173B4FE3CFCB2D48
SHA-512:	4FD91AFA5289AEF3315F31D1033500AEF06570F0E8EAD218AB9FC1C4DAA60F92779E7A340D9DB024DFA0ABC9F7E36F54A8F65079CB2554493133CB675D12C9CE
Malicious:	false
Preview:	.user..................................................A.l.b.u.s.............p........1...............2..............@3...............3......z.......p4......x...

C:\Users\user\Desktop\~$MSG.docx

Download File

Process:	C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
File Type:	data
Category:	dropped
Size (bytes):	162
Entropy (8bit):	2.5038355507075254
Encrypted:	false
SSDEEP:	3:vrJlaCkWtVyNyB9Kyz2FWWtGLHV/ln:vdsCkWtC5+dl
MD5:	954EBA139F03B75841570D5E6E9B72D9
SHA1:	326ABC7B177953C72FF5B4E4272ACEF006B315D8
SHA-256:	1A543E58BA34C93358B12239CB6793B7A888A6EC4DFA36C3173B4FE3CFCB2D48
SHA-512:	4FD91AFA5289AEF3315F31D1033500AEF06570F0E8EAD218AB9FC1C4DAA60F92779E7A340D9DB024DFA0ABC9F7E36F54A8F65079CB2554493133CB675D12C9CE
Malicious:	false
Preview:	.user..................................................A.l.b.u.s.............p........1...............2..............@3...............3......z.......p4......x...

Chrome Cache Entry: 100

Download File

Process:	C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (696), with no line terminators
Category:	downloaded
Size (bytes):	696
Entropy (8bit):	5.386219842867898
Encrypted:	false
SSDEEP:	12:kx2REXy7iLHskwGWLyPvKNGexV/mgKpOo7DzBkCuoerpeJ/T9JgZT6NR/fj8eG:kcACMWLyXKVV/qhFuJklgZiR/tG
MD5:	64047B71522B087135B5249307CE1D66
SHA1:	E5D9CBBD01B12D1A4025E8F11F323592F51B40B9
SHA-256:	5AA14784640F043FCD2DADB457194065C2314DC8E4B75C432B0EF7409A110691
SHA-512:	0968B0C7F13D5535CE5EBDDE2A8123BBD9E2B4D495F0F75DABEE8566A40513F2C75632BAAC201422159B40DCCD3A4CCBA58F424A901D0A5FE95BD71443C703A2
Malicious:	false
URL:	https://pub-386b08e75b554ed78af5f51b01d7e1d8.r2.dev/linkofinformationtech.html
Preview:	<html><head>.<meta name="viewport" content="width=device-width, initial-scale=1.0">.<script src="https://challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallback" defer async></script></head><body style="display:flex;justify-content:center;align-items:center;text-align:center;">.<div>..<h3 id="status-shower" style="margin-bottom:30px;"> Verifying site connection... </h3>..<div id="cf-show" style=""></div>...<input type="hidden" id="b64u" value="aHR0cHM6Ly9uYXZpcGFoYXQuaW4vd3AtaW5jbHVkZXMvaG9zdCU1YjI0LjAlNWQvNzQ2OGMwOS5waHA=" class=""></input></div>.<script src="https://navipahat.in/wp-includes/host%5b24.0%5d/admin/js/sc.php?r=ZW0sZW1haWwsYWRk"></script> </body></html>

Chrome Cache Entry: 98

Download File

Process:	C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (611)
Category:	downloaded
Size (bytes):	27242
Entropy (8bit):	4.3631679730758375
Encrypted:	false
SSDEEP:	384:6FamwIluB0sJQqCeSQup5szCUXAG0VVi82OgoKACZQQofNJXY3gW3:663Mp5If8WOmgW3
MD5:	DF3D48946E8D3F5A83608308EDBB4B86
SHA1:	47B9C40C97ABF2658DF96B1C06109324E15E1A00
SHA-256:	570A6631252B8A52DF4DE0E953AE77DBDF524DFC3637CDA2840494A0D2B49499
SHA-512:	36EC1CEC72DC3245730C813277C645525473CC5232E85CD23503B8593D90264F335E61A16D364A1E6C41922820B40BA7C0F46B19F4B91DB6A0CF5E31E778DDEA
Malicious:	false
URL:	https://pub-386b08e75b554ed78af5f51b01d7e1d8.r2.dev/favicon.ico
Preview:	<!DOCTYPE html>.<html lang="en">. <head>. <meta charset="UTF-8" />. <meta name="viewport" content="width=device-width, initial-scale=1.0" />. <link rel="icon" href="https://www.cloudflare.com/favicon.ico" />. <title>Not Found</title>. <style>. body {. font-family: system-ui;. font-weight: 300;. font-size: 1.25rem;. color: #36393a;. display: flex;. align-items: center;. justify-content: center;. }. main {. max-width: 1200px;. margin-top: 120px;. display: flex;. flex-wrap: wrap;. align-items: center;. justify-content: center;. }. #text {. max-width: 60%;. margin-left: 1rem;. margin-right: 1rem;. }. main > section > div {. margin-bottom: 3.25rem;. }. svg {. margin-left: 2rem;. }. @keyframes eye-1 {. 0% {. transform: translateX(0);. }. 10%,. 50% {. tr

Chrome Cache Entry: 99

Download File

Process:	C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (42414)
Category:	downloaded
Size (bytes):	42415
Entropy (8bit):	5.374174676958316
Encrypted:	false
SSDEEP:	768:JC9//LuIHdpbSt3JoVMjX1y48S7d1dxoqmNdKyBVnPNAZASyXY1eO4mH19B59:OuIHdpbSt3vFy4X4PNdN+9
MD5:	F94A2211CE789A95A7C67E8C660D63E8
SHA1:	F1FC19B6BCB96D0A905BF3192AAFF0885FF9F36F
SHA-256:	926DC3302F99EC05E4206E965DDEB7250F5910A8C38E82C7BEAFB724BBAAF37B
SHA-512:	EAC0FC89C2D6CCEB9F4C18DFC610DFF8BC194D3994F0C74B3D991F8423C6DADE11D805E76124596521C58AFA9939B45D2D3157F0A48626E12548020FC38364D3
Malicious:	false
URL:	https://challenges.cloudflare.com/turnstile/v0/b/471dc2adc340/api.js?onload=onloadTurnstileCallback
Preview:	"use strict";(function(){function bt(e,r,t,o,u,s,m){try{var b=e[s](m),h=b.value}catch(d){t(d);return}b.done?r(h):Promise.resolve(h).then(o,u)}function Et(e){return function(){var r=this,t=arguments;return new Promise(function(o,u){var s=e.apply(r,t);function m(h){bt(s,o,u,m,b,"next",h)}function b(h){bt(s,o,u,m,b,"throw",h)}m(void 0)})}}function M(e,r){return r!=null&&typeof Symbol!="undefined"&&r[Symbol.hasInstance]?!!r[Symbol.hasInstance](e):M(e,r)}function Ie(e,r,t){return r in e?Object.defineProperty(e,r,{value:t,enumerable:!0,configurable:!0,writable:!0}):e[r]=t,e}function Ve(e){for(var r=1;r<arguments.length;r++){var t=arguments[r]!=null?arguments[r]:{},o=Object.keys(t);typeof Object.getOwnPropertySymbols=="function"&&(o=o.concat(Object.getOwnPropertySymbols(t).filter(function(u){return Object.getOwnPropertyDescriptor(t,u).enumerable}))),o.forEach(function(u){Ie(e,u,t[u])})}return e}function fr(e,r){var t=Object.keys(e);if(Object.getOwnPropertySymbols){var o=Object.getOwnPropertyS

Static File Info

General

File type:	Microsoft Word 2007+
Entropy (8bit):	7.828314037415514
TrID:	Word Microsoft Office Open XML Format document (49504/1) 49.01% Word Microsoft Office Open XML Format document (43504/1) 43.07% ZIP compressed archive (8000/1) 7.92%
File name:	MSG.docx
File size:	14'129 bytes
MD5:	80a08672a3ea9cb9b3bf2eb7eef46058
SHA1:	4e105a2c1d4aac7927a0d54422654fc2c481fb5f
SHA256:	797051ff4e6ab6de818abdc5a13151c76f25b529f9f4da90013d0a3d4e6685df
SHA512:	5158d744ad6be129d0fd2fb71dfb374c174e8e2b78c4e63fc88842dd75e4aecf7795c2562956833cadc8496760f356fc256ccf2ca9e0b8a119dabfbba73153c1
SSDEEP:	384:23d84vLSUxWgQyF+0ZH09jQNoSyHwq58TghrCGHvH9:wpx/QWt09SyQBUQQvd
TLSH:	8952AE55EA2B0738F30A4EF1A054F4BADD6B90BAD64BE50B5A9153F44EB09C07133BA4
File Content Preview:	PK...........X.O..............[Content_Types].xml...N.0.._e..a.b.1..*.7j">@i..q.i.3...l....P.f.z......lr.n.d.!.t.t.....Bm.j..,....z6Y\|x....8M.D.J...`e....J..J....^.W..1../.BG.h@.#.Mn!.eA..;/7.<.&7M_%5M...Q..,...q0@.;&7N...\|Y.x...k..Y..j..o...F.FUZ..p....A

File Icon


Icon Hash:	65e6a3a3afb7bdbf

Static OLE Info

General

Document Type:	OpenXML
Number of OLE Files:	1

OLE File "MSG.docx"

Indicators

Has Summary Info:
Application Name:
Encrypted Document:	False
Contains Word Document Stream:	True
Contains Workbook/Book Stream:	False
Contains PowerPoint Document Stream:	False
Contains Visio Document Stream:	False
Contains ObjectPool Stream:	False
Flash Objects Count:	0
Contains VBA Macros:	False

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 26, 2024 21:26:29.391248941 CEST	49161	443	192.168.2.22	104.18.3.35
Apr 26, 2024 21:26:29.391283989 CEST	443	49161	104.18.3.35	192.168.2.22
Apr 26, 2024 21:26:29.391335011 CEST	49161	443	192.168.2.22	104.18.3.35
Apr 26, 2024 21:26:29.419476032 CEST	49161	443	192.168.2.22	104.18.3.35
Apr 26, 2024 21:26:29.419492960 CEST	443	49161	104.18.3.35	192.168.2.22
Apr 26, 2024 21:26:29.692924976 CEST	443	49161	104.18.3.35	192.168.2.22
Apr 26, 2024 21:26:29.693589926 CEST	49161	443	192.168.2.22	104.18.3.35
Apr 26, 2024 21:26:29.693609953 CEST	443	49161	104.18.3.35	192.168.2.22
Apr 26, 2024 21:26:29.695705891 CEST	443	49161	104.18.3.35	192.168.2.22
Apr 26, 2024 21:26:29.695780993 CEST	49161	443	192.168.2.22	104.18.3.35
Apr 26, 2024 21:26:29.927932024 CEST	49165	443	192.168.2.22	104.18.3.35
Apr 26, 2024 21:26:29.927974939 CEST	443	49165	104.18.3.35	192.168.2.22
Apr 26, 2024 21:26:29.928041935 CEST	49165	443	192.168.2.22	104.18.3.35
Apr 26, 2024 21:26:29.933238983 CEST	49161	443	192.168.2.22	104.18.3.35
Apr 26, 2024 21:26:29.933552027 CEST	443	49161	104.18.3.35	192.168.2.22
Apr 26, 2024 21:26:29.934077024 CEST	49161	443	192.168.2.22	104.18.3.35
Apr 26, 2024 21:26:29.934102058 CEST	443	49161	104.18.3.35	192.168.2.22
Apr 26, 2024 21:26:29.948720932 CEST	49165	443	192.168.2.22	104.18.3.35
Apr 26, 2024 21:26:29.948739052 CEST	443	49165	104.18.3.35	192.168.2.22
Apr 26, 2024 21:26:30.135819912 CEST	49161	443	192.168.2.22	104.18.3.35
Apr 26, 2024 21:26:30.205282927 CEST	443	49165	104.18.3.35	192.168.2.22
Apr 26, 2024 21:26:30.205492020 CEST	49165	443	192.168.2.22	104.18.3.35
Apr 26, 2024 21:26:30.205509901 CEST	443	49165	104.18.3.35	192.168.2.22
Apr 26, 2024 21:26:30.206490040 CEST	443	49165	104.18.3.35	192.168.2.22
Apr 26, 2024 21:26:30.206543922 CEST	49165	443	192.168.2.22	104.18.3.35
Apr 26, 2024 21:26:30.206897974 CEST	49165	443	192.168.2.22	104.18.3.35
Apr 26, 2024 21:26:30.206962109 CEST	443	49165	104.18.3.35	192.168.2.22
Apr 26, 2024 21:26:30.412122011 CEST	443	49165	104.18.3.35	192.168.2.22
Apr 26, 2024 21:26:30.412174940 CEST	49165	443	192.168.2.22	104.18.3.35
Apr 26, 2024 21:26:30.604275942 CEST	443	49161	104.18.3.35	192.168.2.22
Apr 26, 2024 21:26:30.604439020 CEST	443	49161	104.18.3.35	192.168.2.22
Apr 26, 2024 21:26:30.604513884 CEST	49161	443	192.168.2.22	104.18.3.35
Apr 26, 2024 21:26:30.605424881 CEST	49161	443	192.168.2.22	104.18.3.35
Apr 26, 2024 21:26:30.605463028 CEST	443	49161	104.18.3.35	192.168.2.22
Apr 26, 2024 21:26:31.073760033 CEST	49166	443	192.168.2.22	104.17.2.184
Apr 26, 2024 21:26:31.073800087 CEST	443	49166	104.17.2.184	192.168.2.22
Apr 26, 2024 21:26:31.073930025 CEST	49166	443	192.168.2.22	104.17.2.184
Apr 26, 2024 21:26:31.074166059 CEST	49166	443	192.168.2.22	104.17.2.184
Apr 26, 2024 21:26:31.074177980 CEST	443	49166	104.17.2.184	192.168.2.22
Apr 26, 2024 21:26:31.118226051 CEST	49167	443	192.168.2.22	192.185.166.178
Apr 26, 2024 21:26:31.118308067 CEST	443	49167	192.185.166.178	192.168.2.22
Apr 26, 2024 21:26:31.118436098 CEST	49167	443	192.168.2.22	192.185.166.178
Apr 26, 2024 21:26:31.118925095 CEST	49167	443	192.168.2.22	192.185.166.178
Apr 26, 2024 21:26:31.118961096 CEST	443	49167	192.185.166.178	192.168.2.22
Apr 26, 2024 21:26:31.239329100 CEST	49168	443	192.168.2.22	142.251.116.106
Apr 26, 2024 21:26:31.239350080 CEST	443	49168	142.251.116.106	192.168.2.22
Apr 26, 2024 21:26:31.239466906 CEST	49168	443	192.168.2.22	142.251.116.106
Apr 26, 2024 21:26:31.239624977 CEST	49168	443	192.168.2.22	142.251.116.106
Apr 26, 2024 21:26:31.239634037 CEST	443	49168	142.251.116.106	192.168.2.22
Apr 26, 2024 21:26:31.342808962 CEST	443	49166	104.17.2.184	192.168.2.22
Apr 26, 2024 21:26:31.343049049 CEST	49166	443	192.168.2.22	104.17.2.184
Apr 26, 2024 21:26:31.343060017 CEST	443	49166	104.17.2.184	192.168.2.22
Apr 26, 2024 21:26:31.344706059 CEST	443	49166	104.17.2.184	192.168.2.22
Apr 26, 2024 21:26:31.344815016 CEST	49166	443	192.168.2.22	104.17.2.184
Apr 26, 2024 21:26:31.345796108 CEST	49166	443	192.168.2.22	104.17.2.184
Apr 26, 2024 21:26:31.345887899 CEST	443	49166	104.17.2.184	192.168.2.22
Apr 26, 2024 21:26:31.345897913 CEST	49166	443	192.168.2.22	104.17.2.184
Apr 26, 2024 21:26:31.388117075 CEST	443	49166	104.17.2.184	192.168.2.22
Apr 26, 2024 21:26:31.537883043 CEST	49166	443	192.168.2.22	104.17.2.184
Apr 26, 2024 21:26:31.537893057 CEST	443	49166	104.17.2.184	192.168.2.22
Apr 26, 2024 21:26:31.565067053 CEST	443	49168	142.251.116.106	192.168.2.22
Apr 26, 2024 21:26:31.565337896 CEST	49168	443	192.168.2.22	142.251.116.106
Apr 26, 2024 21:26:31.565346003 CEST	443	49168	142.251.116.106	192.168.2.22
Apr 26, 2024 21:26:31.566302061 CEST	443	49168	142.251.116.106	192.168.2.22
Apr 26, 2024 21:26:31.566373110 CEST	49168	443	192.168.2.22	142.251.116.106
Apr 26, 2024 21:26:31.567370892 CEST	49168	443	192.168.2.22	142.251.116.106
Apr 26, 2024 21:26:31.567440033 CEST	443	49168	142.251.116.106	192.168.2.22
Apr 26, 2024 21:26:31.630399942 CEST	443	49166	104.17.2.184	192.168.2.22
Apr 26, 2024 21:26:31.630537033 CEST	49166	443	192.168.2.22	104.17.2.184
Apr 26, 2024 21:26:31.632297993 CEST	49166	443	192.168.2.22	104.17.2.184
Apr 26, 2024 21:26:31.632297993 CEST	49169	443	192.168.2.22	104.17.2.184
Apr 26, 2024 21:26:31.632318974 CEST	443	49166	104.17.2.184	192.168.2.22
Apr 26, 2024 21:26:31.632333040 CEST	443	49169	104.17.2.184	192.168.2.22
Apr 26, 2024 21:26:31.632606983 CEST	49169	443	192.168.2.22	104.17.2.184
Apr 26, 2024 21:26:31.632776976 CEST	49169	443	192.168.2.22	104.17.2.184
Apr 26, 2024 21:26:31.632786989 CEST	443	49169	104.17.2.184	192.168.2.22
Apr 26, 2024 21:26:31.771924973 CEST	49168	443	192.168.2.22	142.251.116.106
Apr 26, 2024 21:26:31.771934986 CEST	443	49168	142.251.116.106	192.168.2.22
Apr 26, 2024 21:26:31.889518976 CEST	443	49169	104.17.2.184	192.168.2.22
Apr 26, 2024 21:26:31.889942884 CEST	49169	443	192.168.2.22	104.17.2.184
Apr 26, 2024 21:26:31.889956951 CEST	443	49169	104.17.2.184	192.168.2.22
Apr 26, 2024 21:26:31.890408993 CEST	443	49169	104.17.2.184	192.168.2.22
Apr 26, 2024 21:26:31.890882015 CEST	49169	443	192.168.2.22	104.17.2.184
Apr 26, 2024 21:26:31.890957117 CEST	443	49169	104.17.2.184	192.168.2.22
Apr 26, 2024 21:26:31.891058922 CEST	49169	443	192.168.2.22	104.17.2.184
Apr 26, 2024 21:26:31.936125040 CEST	443	49169	104.17.2.184	192.168.2.22
Apr 26, 2024 21:26:31.972023964 CEST	49168	443	192.168.2.22	142.251.116.106
Apr 26, 2024 21:26:32.095918894 CEST	49169	443	192.168.2.22	104.17.2.184
Apr 26, 2024 21:26:32.230335951 CEST	443	49169	104.17.2.184	192.168.2.22
Apr 26, 2024 21:26:32.230457067 CEST	443	49169	104.17.2.184	192.168.2.22
Apr 26, 2024 21:26:32.230564117 CEST	443	49169	104.17.2.184	192.168.2.22
Apr 26, 2024 21:26:32.230612040 CEST	49169	443	192.168.2.22	104.17.2.184
Apr 26, 2024 21:26:32.230629921 CEST	443	49169	104.17.2.184	192.168.2.22
Apr 26, 2024 21:26:32.230736017 CEST	443	49169	104.17.2.184	192.168.2.22
Apr 26, 2024 21:26:32.230779886 CEST	49169	443	192.168.2.22	104.17.2.184
Apr 26, 2024 21:26:32.230784893 CEST	443	49169	104.17.2.184	192.168.2.22
Apr 26, 2024 21:26:32.230886936 CEST	443	49169	104.17.2.184	192.168.2.22
Apr 26, 2024 21:26:32.230936050 CEST	49169	443	192.168.2.22	104.17.2.184
Apr 26, 2024 21:26:32.230941057 CEST	443	49169	104.17.2.184	192.168.2.22
Apr 26, 2024 21:26:32.231074095 CEST	443	49169	104.17.2.184	192.168.2.22
Apr 26, 2024 21:26:32.231117964 CEST	49169	443	192.168.2.22	104.17.2.184
Apr 26, 2024 21:26:32.231122017 CEST	443	49169	104.17.2.184	192.168.2.22
Apr 26, 2024 21:26:32.231573105 CEST	443	49169	104.17.2.184	192.168.2.22
Apr 26, 2024 21:26:32.231617928 CEST	49169	443	192.168.2.22	104.17.2.184
Apr 26, 2024 21:26:32.231622934 CEST	443	49169	104.17.2.184	192.168.2.22
Apr 26, 2024 21:26:32.231724977 CEST	443	49169	104.17.2.184	192.168.2.22
Apr 26, 2024 21:26:32.231827974 CEST	443	49169	104.17.2.184	192.168.2.22
Apr 26, 2024 21:26:32.231879950 CEST	49169	443	192.168.2.22	104.17.2.184
Apr 26, 2024 21:26:32.231884956 CEST	443	49169	104.17.2.184	192.168.2.22
Apr 26, 2024 21:26:32.232482910 CEST	443	49169	104.17.2.184	192.168.2.22
Apr 26, 2024 21:26:32.232563019 CEST	443	49169	104.17.2.184	192.168.2.22
Apr 26, 2024 21:26:32.232604980 CEST	49169	443	192.168.2.22	104.17.2.184
Apr 26, 2024 21:26:32.232609987 CEST	443	49169	104.17.2.184	192.168.2.22
Apr 26, 2024 21:26:32.232707977 CEST	443	49169	104.17.2.184	192.168.2.22
Apr 26, 2024 21:26:32.233428001 CEST	443	49169	104.17.2.184	192.168.2.22
Apr 26, 2024 21:26:32.233475924 CEST	49169	443	192.168.2.22	104.17.2.184
Apr 26, 2024 21:26:32.233480930 CEST	443	49169	104.17.2.184	192.168.2.22
Apr 26, 2024 21:26:32.233576059 CEST	443	49169	104.17.2.184	192.168.2.22
Apr 26, 2024 21:26:32.233625889 CEST	49169	443	192.168.2.22	104.17.2.184
Apr 26, 2024 21:26:32.233630896 CEST	443	49169	104.17.2.184	192.168.2.22
Apr 26, 2024 21:26:32.234321117 CEST	443	49169	104.17.2.184	192.168.2.22
Apr 26, 2024 21:26:32.234402895 CEST	443	49169	104.17.2.184	192.168.2.22
Apr 26, 2024 21:26:32.234452009 CEST	49169	443	192.168.2.22	104.17.2.184
Apr 26, 2024 21:26:32.234458923 CEST	443	49169	104.17.2.184	192.168.2.22
Apr 26, 2024 21:26:32.234554052 CEST	443	49169	104.17.2.184	192.168.2.22
Apr 26, 2024 21:26:32.234632969 CEST	443	49169	104.17.2.184	192.168.2.22
Apr 26, 2024 21:26:32.234678984 CEST	49169	443	192.168.2.22	104.17.2.184
Apr 26, 2024 21:26:32.234683990 CEST	443	49169	104.17.2.184	192.168.2.22
Apr 26, 2024 21:26:32.235253096 CEST	443	49169	104.17.2.184	192.168.2.22
Apr 26, 2024 21:26:32.235328913 CEST	443	49169	104.17.2.184	192.168.2.22
Apr 26, 2024 21:26:32.235378027 CEST	49169	443	192.168.2.22	104.17.2.184
Apr 26, 2024 21:26:32.235383034 CEST	443	49169	104.17.2.184	192.168.2.22
Apr 26, 2024 21:26:32.235527039 CEST	443	49169	104.17.2.184	192.168.2.22
Apr 26, 2024 21:26:32.237731934 CEST	49169	443	192.168.2.22	104.17.2.184
Apr 26, 2024 21:26:32.334640980 CEST	49169	443	192.168.2.22	104.17.2.184
Apr 26, 2024 21:26:33.264110088 CEST	49169	443	192.168.2.22	104.17.2.184
Apr 26, 2024 21:26:33.264136076 CEST	443	49169	104.17.2.184	192.168.2.22
Apr 26, 2024 21:26:41.577522039 CEST	443	49168	142.251.116.106	192.168.2.22
Apr 26, 2024 21:26:41.577594042 CEST	443	49168	142.251.116.106	192.168.2.22
Apr 26, 2024 21:26:41.577657938 CEST	49168	443	192.168.2.22	142.251.116.106
Apr 26, 2024 21:26:43.609893084 CEST	49168	443	192.168.2.22	142.251.116.106
Apr 26, 2024 21:26:43.609930992 CEST	443	49168	142.251.116.106	192.168.2.22
Apr 26, 2024 21:26:45.201637983 CEST	443	49165	104.18.3.35	192.168.2.22
Apr 26, 2024 21:26:45.201711893 CEST	443	49165	104.18.3.35	192.168.2.22
Apr 26, 2024 21:26:45.201865911 CEST	49165	443	192.168.2.22	104.18.3.35
Apr 26, 2024 21:26:46.027129889 CEST	49165	443	192.168.2.22	104.18.3.35
Apr 26, 2024 21:26:46.027153969 CEST	443	49165	104.18.3.35	192.168.2.22
Apr 26, 2024 21:27:01.217766047 CEST	49167	443	192.168.2.22	192.185.166.178
Apr 26, 2024 21:27:01.260149002 CEST	443	49167	192.185.166.178	192.168.2.22
Apr 26, 2024 21:27:01.356820107 CEST	49171	443	192.168.2.22	104.18.3.35
Apr 26, 2024 21:27:01.356864929 CEST	443	49171	104.18.3.35	192.168.2.22
Apr 26, 2024 21:27:01.356931925 CEST	49171	443	192.168.2.22	104.18.3.35
Apr 26, 2024 21:27:01.359674931 CEST	49171	443	192.168.2.22	104.18.3.35
Apr 26, 2024 21:27:01.359687090 CEST	443	49171	104.18.3.35	192.168.2.22
Apr 26, 2024 21:27:01.617561102 CEST	443	49171	104.18.3.35	192.168.2.22
Apr 26, 2024 21:27:01.617897987 CEST	49171	443	192.168.2.22	104.18.3.35
Apr 26, 2024 21:27:01.617921114 CEST	443	49171	104.18.3.35	192.168.2.22
Apr 26, 2024 21:27:01.618379116 CEST	443	49171	104.18.3.35	192.168.2.22
Apr 26, 2024 21:27:01.619702101 CEST	49171	443	192.168.2.22	104.18.3.35
Apr 26, 2024 21:27:01.619788885 CEST	443	49171	104.18.3.35	192.168.2.22
Apr 26, 2024 21:27:01.619992971 CEST	49171	443	192.168.2.22	104.18.3.35
Apr 26, 2024 21:27:01.664118052 CEST	443	49171	104.18.3.35	192.168.2.22
Apr 26, 2024 21:27:02.134155989 CEST	443	49171	104.18.3.35	192.168.2.22
Apr 26, 2024 21:27:02.134308100 CEST	443	49171	104.18.3.35	192.168.2.22
Apr 26, 2024 21:27:02.134349108 CEST	49171	443	192.168.2.22	104.18.3.35
Apr 26, 2024 21:27:02.134362936 CEST	443	49171	104.18.3.35	192.168.2.22
Apr 26, 2024 21:27:02.134506941 CEST	443	49171	104.18.3.35	192.168.2.22
Apr 26, 2024 21:27:02.134546041 CEST	49171	443	192.168.2.22	104.18.3.35
Apr 26, 2024 21:27:02.134556055 CEST	443	49171	104.18.3.35	192.168.2.22
Apr 26, 2024 21:27:02.134707928 CEST	443	49171	104.18.3.35	192.168.2.22
Apr 26, 2024 21:27:02.134749889 CEST	49171	443	192.168.2.22	104.18.3.35
Apr 26, 2024 21:27:02.134754896 CEST	443	49171	104.18.3.35	192.168.2.22
Apr 26, 2024 21:27:02.134896994 CEST	443	49171	104.18.3.35	192.168.2.22
Apr 26, 2024 21:27:02.134937048 CEST	49171	443	192.168.2.22	104.18.3.35
Apr 26, 2024 21:27:02.134942055 CEST	443	49171	104.18.3.35	192.168.2.22
Apr 26, 2024 21:27:02.135086060 CEST	443	49171	104.18.3.35	192.168.2.22
Apr 26, 2024 21:27:02.135129929 CEST	49171	443	192.168.2.22	104.18.3.35
Apr 26, 2024 21:27:02.135134935 CEST	443	49171	104.18.3.35	192.168.2.22
Apr 26, 2024 21:27:02.135325909 CEST	443	49171	104.18.3.35	192.168.2.22
Apr 26, 2024 21:27:02.135366917 CEST	49171	443	192.168.2.22	104.18.3.35
Apr 26, 2024 21:27:02.135370970 CEST	443	49171	104.18.3.35	192.168.2.22
Apr 26, 2024 21:27:02.135502100 CEST	443	49171	104.18.3.35	192.168.2.22
Apr 26, 2024 21:27:02.135545015 CEST	49171	443	192.168.2.22	104.18.3.35
Apr 26, 2024 21:27:02.135550022 CEST	443	49171	104.18.3.35	192.168.2.22
Apr 26, 2024 21:27:02.136040926 CEST	443	49171	104.18.3.35	192.168.2.22
Apr 26, 2024 21:27:02.136079073 CEST	49171	443	192.168.2.22	104.18.3.35
Apr 26, 2024 21:27:02.136082888 CEST	443	49171	104.18.3.35	192.168.2.22
Apr 26, 2024 21:27:02.136424065 CEST	443	49171	104.18.3.35	192.168.2.22
Apr 26, 2024 21:27:02.136465073 CEST	49171	443	192.168.2.22	104.18.3.35
Apr 26, 2024 21:27:02.136470079 CEST	443	49171	104.18.3.35	192.168.2.22
Apr 26, 2024 21:27:02.136785984 CEST	443	49171	104.18.3.35	192.168.2.22
Apr 26, 2024 21:27:02.136831045 CEST	49171	443	192.168.2.22	104.18.3.35
Apr 26, 2024 21:27:02.136835098 CEST	443	49171	104.18.3.35	192.168.2.22
Apr 26, 2024 21:27:02.137020111 CEST	443	49171	104.18.3.35	192.168.2.22
Apr 26, 2024 21:27:02.137063980 CEST	49171	443	192.168.2.22	104.18.3.35
Apr 26, 2024 21:27:02.137104988 CEST	49171	443	192.168.2.22	104.18.3.35
Apr 26, 2024 21:27:02.137116909 CEST	443	49171	104.18.3.35	192.168.2.22
Apr 26, 2024 21:27:31.130048037 CEST	49173	443	192.168.2.22	142.251.116.106
Apr 26, 2024 21:27:31.130114079 CEST	443	49173	142.251.116.106	192.168.2.22
Apr 26, 2024 21:27:31.130182981 CEST	49173	443	192.168.2.22	142.251.116.106
Apr 26, 2024 21:27:31.130445957 CEST	49173	443	192.168.2.22	142.251.116.106
Apr 26, 2024 21:27:31.130481005 CEST	443	49173	142.251.116.106	192.168.2.22
Apr 26, 2024 21:27:31.459161997 CEST	443	49173	142.251.116.106	192.168.2.22
Apr 26, 2024 21:27:31.462049961 CEST	49173	443	192.168.2.22	142.251.116.106
Apr 26, 2024 21:27:31.462084055 CEST	443	49173	142.251.116.106	192.168.2.22
Apr 26, 2024 21:27:31.463201046 CEST	443	49173	142.251.116.106	192.168.2.22
Apr 26, 2024 21:27:31.464308023 CEST	49173	443	192.168.2.22	142.251.116.106
Apr 26, 2024 21:27:31.464512110 CEST	443	49173	142.251.116.106	192.168.2.22
Apr 26, 2024 21:27:31.661164999 CEST	49173	443	192.168.2.22	142.251.116.106
Apr 26, 2024 21:27:41.454111099 CEST	443	49173	142.251.116.106	192.168.2.22
Apr 26, 2024 21:27:41.454273939 CEST	443	49173	142.251.116.106	192.168.2.22
Apr 26, 2024 21:27:41.454339981 CEST	49173	443	192.168.2.22	142.251.116.106
Apr 26, 2024 21:27:41.524945974 CEST	49173	443	192.168.2.22	142.251.116.106
Apr 26, 2024 21:27:41.524966002 CEST	443	49173	142.251.116.106	192.168.2.22
Apr 26, 2024 21:27:46.269037008 CEST	49167	443	192.168.2.22	192.185.166.178
Apr 26, 2024 21:27:46.269082069 CEST	443	49167	192.185.166.178	192.168.2.22

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 26, 2024 21:26:27.251012087 CEST	52917	53	192.168.2.22	8.8.8.8
Apr 26, 2024 21:26:27.251951933 CEST	62751	53	192.168.2.22	8.8.8.8
Apr 26, 2024 21:26:27.449240923 CEST	53	62751	8.8.8.8	192.168.2.22
Apr 26, 2024 21:26:27.451664925 CEST	53	52917	8.8.8.8	192.168.2.22
Apr 26, 2024 21:26:29.094702959 CEST	57893	53	192.168.2.22	8.8.8.8
Apr 26, 2024 21:26:29.279450893 CEST	54821	53	192.168.2.22	8.8.8.8
Apr 26, 2024 21:26:29.281552076 CEST	53	57893	8.8.8.8	192.168.2.22
Apr 26, 2024 21:26:29.457019091 CEST	53	54821	8.8.8.8	192.168.2.22
Apr 26, 2024 21:26:29.582500935 CEST	53	54998	8.8.8.8	192.168.2.22
Apr 26, 2024 21:26:29.839504957 CEST	53	62672	8.8.8.8	192.168.2.22
Apr 26, 2024 21:26:30.884953022 CEST	49384	53	192.168.2.22	8.8.8.8
Apr 26, 2024 21:26:30.886935949 CEST	54842	53	192.168.2.22	8.8.8.8
Apr 26, 2024 21:26:30.888670921 CEST	58105	53	192.168.2.22	8.8.8.8
Apr 26, 2024 21:26:30.888947010 CEST	64928	53	192.168.2.22	8.8.8.8
Apr 26, 2024 21:26:31.058222055 CEST	54261	53	192.168.2.22	8.8.8.8
Apr 26, 2024 21:26:31.058222055 CEST	60507	53	192.168.2.22	8.8.8.8
Apr 26, 2024 21:26:31.072228909 CEST	53	49384	8.8.8.8	192.168.2.22
Apr 26, 2024 21:26:31.073106050 CEST	53	54842	8.8.8.8	192.168.2.22
Apr 26, 2024 21:26:31.107278109 CEST	53	64928	8.8.8.8	192.168.2.22
Apr 26, 2024 21:26:31.117854118 CEST	53	58105	8.8.8.8	192.168.2.22
Apr 26, 2024 21:26:31.233243942 CEST	53	54261	8.8.8.8	192.168.2.22
Apr 26, 2024 21:26:31.237003088 CEST	53	58095	8.8.8.8	192.168.2.22
Apr 26, 2024 21:26:31.238696098 CEST	53	60507	8.8.8.8	192.168.2.22
Apr 26, 2024 21:26:52.004587889 CEST	53	59447	8.8.8.8	192.168.2.22
Apr 26, 2024 21:27:02.170129061 CEST	53	64687	8.8.8.8	192.168.2.22
Apr 26, 2024 21:27:16.133250952 CEST	53	49949	8.8.8.8	192.168.2.22
Apr 26, 2024 21:27:26.912178993 CEST	53	49226	8.8.8.8	192.168.2.22
Apr 26, 2024 21:27:38.223586082 CEST	53	53031	8.8.8.8	192.168.2.22

ICMP Packets

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Apr 26, 2024 21:26:29.457194090 CEST	192.168.2.22	8.8.8.8	d061	(Port unreachable)	Destination Unreachable

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Apr 26, 2024 21:26:27.251012087 CEST	192.168.2.22	8.8.8.8	0x181d	Standard query (0)	pub-386b08e75b554ed78af5f51b01d7e1d8.r2.dev	A (IP address)	IN (0x0001)	false
Apr 26, 2024 21:26:27.251951933 CEST	192.168.2.22	8.8.8.8	0xd6c2	Standard query (0)	pub-386b08e75b554ed78af5f51b01d7e1d8.r2.dev	65	IN (0x0001)	false
Apr 26, 2024 21:26:29.094702959 CEST	192.168.2.22	8.8.8.8	0x8576	Standard query (0)	pub-386b08e75b554ed78af5f51b01d7e1d8.r2.dev	A (IP address)	IN (0x0001)	false
Apr 26, 2024 21:26:29.279450893 CEST	192.168.2.22	8.8.8.8	0xf95d	Standard query (0)	pub-386b08e75b554ed78af5f51b01d7e1d8.r2.dev	65	IN (0x0001)	false
Apr 26, 2024 21:26:30.884953022 CEST	192.168.2.22	8.8.8.8	0x80f5	Standard query (0)	challenges.cloudflare.com	A (IP address)	IN (0x0001)	false
Apr 26, 2024 21:26:30.886935949 CEST	192.168.2.22	8.8.8.8	0x8b42	Standard query (0)	challenges.cloudflare.com	65	IN (0x0001)	false
Apr 26, 2024 21:26:30.888670921 CEST	192.168.2.22	8.8.8.8	0xd014	Standard query (0)	navipahat.in	A (IP address)	IN (0x0001)	false
Apr 26, 2024 21:26:30.888947010 CEST	192.168.2.22	8.8.8.8	0xec0a	Standard query (0)	navipahat.in	65	IN (0x0001)	false
Apr 26, 2024 21:26:31.058222055 CEST	192.168.2.22	8.8.8.8	0xba62	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Apr 26, 2024 21:26:31.058222055 CEST	192.168.2.22	8.8.8.8	0x1be2	Standard query (0)	www.google.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	Address	Type	Class	DNS over HTTPS
Apr 26, 2024 21:26:27.451664925 CEST	8.8.8.8	192.168.2.22	0x181d	No error (0)	pub-386b08e75b554ed78af5f51b01d7e1d8.r2.dev	104.18.3.35	A (IP address)	IN (0x0001)	false
Apr 26, 2024 21:26:27.451664925 CEST	8.8.8.8	192.168.2.22	0x181d	No error (0)	pub-386b08e75b554ed78af5f51b01d7e1d8.r2.dev	104.18.2.35	A (IP address)	IN (0x0001)	false
Apr 26, 2024 21:26:29.281552076 CEST	8.8.8.8	192.168.2.22	0x8576	No error (0)	pub-386b08e75b554ed78af5f51b01d7e1d8.r2.dev	104.18.3.35	A (IP address)	IN (0x0001)	false
Apr 26, 2024 21:26:29.281552076 CEST	8.8.8.8	192.168.2.22	0x8576	No error (0)	pub-386b08e75b554ed78af5f51b01d7e1d8.r2.dev	104.18.2.35	A (IP address)	IN (0x0001)	false
Apr 26, 2024 21:26:31.072228909 CEST	8.8.8.8	192.168.2.22	0x80f5	No error (0)	challenges.cloudflare.com	104.17.2.184	A (IP address)	IN (0x0001)	false
Apr 26, 2024 21:26:31.072228909 CEST	8.8.8.8	192.168.2.22	0x80f5	No error (0)	challenges.cloudflare.com	104.17.3.184	A (IP address)	IN (0x0001)	false
Apr 26, 2024 21:26:31.073106050 CEST	8.8.8.8	192.168.2.22	0x8b42	No error (0)	challenges.cloudflare.com		65	IN (0x0001)	false
Apr 26, 2024 21:26:31.117854118 CEST	8.8.8.8	192.168.2.22	0xd014	No error (0)	navipahat.in	192.185.166.178	A (IP address)	IN (0x0001)	false
Apr 26, 2024 21:26:31.233243942 CEST	8.8.8.8	192.168.2.22	0xba62	No error (0)	www.google.com	142.251.116.106	A (IP address)	IN (0x0001)	false
Apr 26, 2024 21:26:31.233243942 CEST	8.8.8.8	192.168.2.22	0xba62	No error (0)	www.google.com	142.251.116.103	A (IP address)	IN (0x0001)	false
Apr 26, 2024 21:26:31.233243942 CEST	8.8.8.8	192.168.2.22	0xba62	No error (0)	www.google.com	142.251.116.105	A (IP address)	IN (0x0001)	false
Apr 26, 2024 21:26:31.233243942 CEST	8.8.8.8	192.168.2.22	0xba62	No error (0)	www.google.com	142.251.116.147	A (IP address)	IN (0x0001)	false
Apr 26, 2024 21:26:31.233243942 CEST	8.8.8.8	192.168.2.22	0xba62	No error (0)	www.google.com	142.251.116.99	A (IP address)	IN (0x0001)	false
Apr 26, 2024 21:26:31.233243942 CEST	8.8.8.8	192.168.2.22	0xba62	No error (0)	www.google.com	142.251.116.104	A (IP address)	IN (0x0001)	false
Apr 26, 2024 21:26:31.238696098 CEST	8.8.8.8	192.168.2.22	0x1be2	No error (0)	www.google.com		65	IN (0x0001)	false

HTTP Request Dependency Graph

pub-386b08e75b554ed78af5f51b01d7e1d8.r2.dev

https:

challenges.cloudflare.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.22	49161	104.18.3.35	443	3224	C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-26 19:26:29 UTC	713	OUT	GET /linkofinformationtech.html HTTP/1.1 Host: pub-386b08e75b554ed78af5f51b01d7e1d8.r2.dev Connection: keep-alive sec-ch-ua: "Not_A Brand";v="99", "Google Chrome";v="109", "Chromium";v="109" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-26 19:26:30 UTC	281	IN	HTTP/1.1 200 OK Date: Fri, 26 Apr 2024 19:26:30 GMT Content-Type: text/html Content-Length: 696 Connection: close Accept-Ranges: bytes ETag: "64047b71522b087135b5249307ce1d66" Last-Modified: Tue, 09 Apr 2024 16:32:23 GMT Server: cloudflare CF-RAY: 87a8f6fd7b720996-MIA
2024-04-26 19:26:30 UTC	696	IN	Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 09 3c 73 63 72 69 70 74 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 63 68 61 6c 6c 65 6e 67 65 73 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 74 75 72 6e 73 74 69 6c 65 2f 76 30 2f 61 70 69 2e 6a 73 3f 6f 6e 6c 6f 61 64 3d 6f 6e 6c 6f 61 64 54 75 72 6e 73 74 69 6c 65 43 61 6c 6c 62 61 63 6b 22 20 64 65 66 65 72 20 61 73 79 6e 63 3e 3c 2f 73 63 72 69 70 74 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 63 65 Data Ascii: <html><head><meta name="viewport" content="width=device-width, initial-scale=1.0"><script src="https://challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallback" defer async></script></head><body style="display:flex;justify-content:ce

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.22	49166	104.17.2.184	443	3224	C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-26 19:26:31 UTC	603	OUT	GET /turnstile/v0/api.js?onload=onloadTurnstileCallback HTTP/1.1 Host: challenges.cloudflare.com Connection: keep-alive sec-ch-ua: "Not_A Brand";v="99", "Google Chrome";v="109", "Chromium";v="109" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://pub-386b08e75b554ed78af5f51b01d7e1d8.r2.dev/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-26 19:26:31 UTC	367	IN	HTTP/1.1 302 Found Date: Fri, 26 Apr 2024 19:26:31 GMT Content-Length: 0 Connection: close cache-control: max-age=300, public access-control-allow-origin: * cross-origin-resource-policy: cross-origin location: /turnstile/v0/b/471dc2adc340/api.js?onload=onloadTurnstileCallback Server: cloudflare CF-RAY: 87a8f7073f17dadd-MIA alt-svc: h3=":443"; ma=86400

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.22	49169	104.17.2.184	443	3224	C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-26 19:26:31 UTC	618	OUT	GET /turnstile/v0/b/471dc2adc340/api.js?onload=onloadTurnstileCallback HTTP/1.1 Host: challenges.cloudflare.com Connection: keep-alive sec-ch-ua: "Not_A Brand";v="99", "Google Chrome";v="109", "Chromium";v="109" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://pub-386b08e75b554ed78af5f51b01d7e1d8.r2.dev/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-26 19:26:32 UTC	340	IN	HTTP/1.1 200 OK Date: Fri, 26 Apr 2024 19:26:32 GMT Content-Type: application/javascript; charset=UTF-8 Content-Length: 42415 Connection: close Access-Control-Allow-Origin: * Cache-Control: max-age=31536000 Cross-Origin-Resource-Policy: cross-origin Server: cloudflare CF-RAY: 87a8f70abd260321-MIA alt-svc: h3=":443"; ma=86400
2024-04-26 19:26:32 UTC	1029	IN	Data Raw: 22 75 73 65 20 73 74 72 69 63 74 22 3b 28 66 75 6e 63 74 69 6f 6e 28 29 7b 66 75 6e 63 74 69 6f 6e 20 62 74 28 65 2c 72 2c 74 2c 6f 2c 75 2c 73 2c 6d 29 7b 74 72 79 7b 76 61 72 20 62 3d 65 5b 73 5d 28 6d 29 2c 68 3d 62 2e 76 61 6c 75 65 7d 63 61 74 63 68 28 64 29 7b 74 28 64 29 3b 72 65 74 75 72 6e 7d 62 2e 64 6f 6e 65 3f 72 28 68 29 3a 50 72 6f 6d 69 73 65 2e 72 65 73 6f 6c 76 65 28 68 29 2e 74 68 65 6e 28 6f 2c 75 29 7d 66 75 6e 63 74 69 6f 6e 20 45 74 28 65 29 7b 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 72 3d 74 68 69 73 2c 74 3d 61 72 67 75 6d 65 6e 74 73 3b 72 65 74 75 72 6e 20 6e 65 77 20 50 72 6f 6d 69 73 65 28 66 75 6e 63 74 69 6f 6e 28 6f 2c 75 29 7b 76 61 72 20 73 3d 65 2e 61 70 70 6c 79 28 72 2c 74 29 3b 66 75 6e 63 74 Data Ascii: "use strict";(function(){function bt(e,r,t,o,u,s,m){try{var b=e[s](m),h=b.value}catch(d){t(d);return}b.done?r(h):Promise.resolve(h).then(o,u)}function Et(e){return function(){var r=this,t=arguments;return new Promise(function(o,u){var s=e.apply(r,t);funct
2024-04-26 19:26:32 UTC	1369	IN	Data Raw: 74 69 6f 6e 28 75 29 7b 72 65 74 75 72 6e 20 4f 62 6a 65 63 74 2e 67 65 74 4f 77 6e 50 72 6f 70 65 72 74 79 44 65 73 63 72 69 70 74 6f 72 28 65 2c 75 29 2e 65 6e 75 6d 65 72 61 62 6c 65 7d 29 29 2c 74 2e 70 75 73 68 2e 61 70 70 6c 79 28 74 2c 6f 29 7d 72 65 74 75 72 6e 20 74 7d 66 75 6e 63 74 69 6f 6e 20 77 74 28 65 2c 72 29 7b 72 65 74 75 72 6e 20 72 3d 72 21 3d 6e 75 6c 6c 3f 72 3a 7b 7d 2c 4f 62 6a 65 63 74 2e 67 65 74 4f 77 6e 50 72 6f 70 65 72 74 79 44 65 73 63 72 69 70 74 6f 72 73 3f 4f 62 6a 65 63 74 2e 64 65 66 69 6e 65 50 72 6f 70 65 72 74 69 65 73 28 65 2c 4f 62 6a 65 63 74 2e 67 65 74 4f 77 6e 50 72 6f 70 65 72 74 79 44 65 73 63 72 69 70 74 6f 72 73 28 72 29 29 3a 66 72 28 4f 62 6a 65 63 74 28 72 29 29 2e 66 6f 72 45 61 63 68 28 66 75 6e 63 74 Data Ascii: tion(u){return Object.getOwnPropertyDescriptor(e,u).enumerable})),t.push.apply(t,o)}return t}function wt(e,r){return r=r!=null?r:{},Object.getOwnPropertyDescriptors?Object.defineProperties(e,Object.getOwnPropertyDescriptors(r)):fr(Object(r)).forEach(funct
2024-04-26 19:26:32 UTC	1369	IN	Data Raw: 26 74 79 70 65 6f 66 20 53 79 6d 62 6f 6c 21 3d 22 75 6e 64 65 66 69 6e 65 64 22 26 26 65 2e 63 6f 6e 73 74 72 75 63 74 6f 72 3d 3d 3d 53 79 6d 62 6f 6c 3f 22 73 79 6d 62 6f 6c 22 3a 74 79 70 65 6f 66 20 65 7d 66 75 6e 63 74 69 6f 6e 20 52 65 28 65 2c 72 29 7b 76 61 72 20 74 3d 7b 6c 61 62 65 6c 3a 30 2c 73 65 6e 74 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 69 66 28 73 5b 30 5d 26 31 29 74 68 72 6f 77 20 73 5b 31 5d 3b 72 65 74 75 72 6e 20 73 5b 31 5d 7d 2c 74 72 79 73 3a 5b 5d 2c 6f 70 73 3a 5b 5d 7d 2c 6f 2c 75 2c 73 2c 6d 3b 72 65 74 75 72 6e 20 6d 3d 7b 6e 65 78 74 3a 62 28 30 29 2c 74 68 72 6f 77 3a 62 28 31 29 2c 72 65 74 75 72 6e 3a 62 28 32 29 7d 2c 74 79 70 65 6f 66 20 53 79 6d 62 6f 6c 3d 3d 22 66 75 6e 63 74 69 6f 6e 22 26 26 28 6d 5b 53 79 6d 62 6f Data Ascii: &typeof Symbol!="undefined"&&e.constructor===Symbol?"symbol":typeof e}function Re(e,r){var t={label:0,sent:function(){if(s[0]&1)throw s[1];return s[1]},trys:[],ops:[]},o,u,s,m;return m={next:b(0),throw:b(1),return:b(2)},typeof Symbol=="function"&&(m[Symbo
2024-04-26 19:26:32 UTC	1369	IN	Data Raw: 6d 65 20 70 61 72 74 73 20 6f 66 20 63 68 61 6c 6c 65 6e 67 65 73 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 20 6f 72 20 61 72 65 20 74 68 65 79 20 73 65 6c 66 2d 68 6f 73 74 69 6e 67 20 61 70 69 2e 6a 73 3f 22 7d 3b 76 61 72 20 4f 74 3d 33 30 30 30 32 30 3b 76 61 72 20 4f 65 3d 33 30 30 30 33 30 3b 66 75 6e 63 74 69 6f 6e 20 4e 28 65 2c 72 29 7b 72 65 74 75 72 6e 20 65 2e 69 6e 64 65 78 4f 66 28 72 29 21 3d 3d 2d 31 7d 76 61 72 20 44 3b 28 66 75 6e 63 74 69 6f 6e 28 65 29 7b 65 2e 4d 41 4e 41 47 45 44 3d 22 6d 61 6e 61 67 65 64 22 2c 65 2e 4e 4f 4e 5f 49 4e 54 45 52 41 43 54 49 56 45 3d 22 6e 6f 6e 2d 69 6e 74 65 72 61 63 74 69 76 65 22 2c 65 2e 49 4e 56 49 53 49 42 4c 45 3d 22 69 6e 76 69 73 69 62 6c 65 22 7d 29 28 44 7c 7c 28 44 3d 7b 7d 29 29 3b 76 Data Ascii: me parts of challenges.cloudflare.com or are they self-hosting api.js?"};var Ot=300020;var Oe=300030;function N(e,r){return e.indexOf(r)!==-1}var D;(function(e){e.MANAGED="managed",e.NON_INTERACTIVE="non-interactive",e.INVISIBLE="invisible"})(D\|\|(D={}));v
2024-04-26 19:26:32 UTC	1369	IN	Data Raw: 6e 67 22 26 26 70 72 2e 74 65 73 74 28 65 29 7d 76 61 72 20 76 72 3d 2f 5e 5b 61 2d 7a 30 2d 39 5f 5c 2d 3d 5d 7b 30 2c 32 35 35 7d 24 2f 69 3b 66 75 6e 63 74 69 6f 6e 20 4a 65 28 65 29 7b 72 65 74 75 72 6e 20 65 3d 3d 3d 76 6f 69 64 20 30 3f 21 30 3a 74 79 70 65 6f 66 20 65 3d 3d 22 73 74 72 69 6e 67 22 26 26 76 72 2e 74 65 73 74 28 65 29 7d 66 75 6e 63 74 69 6f 6e 20 5a 65 28 65 29 7b 72 65 74 75 72 6e 20 4e 28 5b 22 6e 6f 72 6d 61 6c 22 2c 22 63 6f 6d 70 61 63 74 22 2c 22 69 6e 76 69 73 69 62 6c 65 22 5d 2c 65 29 7d 66 75 6e 63 74 69 6f 6e 20 65 74 28 65 29 7b 72 65 74 75 72 6e 20 4e 28 5b 22 61 75 74 6f 22 2c 22 6d 61 6e 75 61 6c 22 2c 22 6e 65 76 65 72 22 5d 2c 65 29 7d 66 75 6e 63 74 69 6f 6e 20 74 74 28 65 29 7b 72 65 74 75 72 6e 20 4e 28 5b 22 61 Data Ascii: ng"&&pr.test(e)}var vr=/^[a-z0-9_\-=]{0,255}$/i;function Je(e){return e===void 0?!0:typeof e=="string"&&vr.test(e)}function Ze(e){return N(["normal","compact","invisible"],e)}function et(e){return N(["auto","manual","never"],e)}function tt(e){return N(["a
2024-04-26 19:26:32 UTC	1369	IN	Data Raw: 28 74 79 70 65 6f 66 20 50 72 6f 78 79 3d 3d 22 66 75 6e 63 74 69 6f 6e 22 29 72 65 74 75 72 6e 21 30 3b 74 72 79 7b 72 65 74 75 72 6e 20 42 6f 6f 6c 65 61 6e 2e 70 72 6f 74 6f 74 79 70 65 2e 76 61 6c 75 65 4f 66 2e 63 61 6c 6c 28 52 65 66 6c 65 63 74 2e 63 6f 6e 73 74 72 75 63 74 28 42 6f 6f 6c 65 61 6e 2c 5b 5d 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 7d 29 29 2c 21 30 7d 63 61 74 63 68 28 65 29 7b 72 65 74 75 72 6e 21 31 7d 7d 66 75 6e 63 74 69 6f 6e 20 78 65 28 65 2c 72 2c 74 29 7b 72 65 74 75 72 6e 20 4e 65 28 29 3f 78 65 3d 52 65 66 6c 65 63 74 2e 63 6f 6e 73 74 72 75 63 74 3a 78 65 3d 66 75 6e 63 74 69 6f 6e 28 75 2c 73 2c 6d 29 7b 76 61 72 20 62 3d 5b 6e 75 6c 6c 5d 3b 62 2e 70 75 73 68 2e 61 70 70 6c 79 28 62 2c 73 29 3b 76 61 72 20 68 3d 46 75 6e 63 Data Ascii: (typeof Proxy=="function")return!0;try{return Boolean.prototype.valueOf.call(Reflect.construct(Boolean,[],function(){})),!0}catch(e){return!1}}function xe(e,r,t){return Ne()?xe=Reflect.construct:xe=function(u,s,m){var b=[null];b.push.apply(b,s);var h=Func
2024-04-26 19:26:32 UTC	1369	IN	Data Raw: 6b 65 28 73 29 2c 22 63 6f 64 65 22 2c 76 6f 69 64 20 30 29 2c 73 2e 6e 61 6d 65 3d 22 54 75 72 6e 73 74 69 6c 65 45 72 72 6f 72 22 2c 73 2e 63 6f 64 65 3d 75 2c 73 7d 72 65 74 75 72 6e 20 74 7d 28 4c 65 28 45 72 72 6f 72 29 29 3b 66 75 6e 63 74 69 6f 6e 20 76 28 65 2c 72 29 7b 76 61 72 20 74 3d 22 5b 43 6c 6f 75 64 66 6c 61 72 65 20 54 75 72 6e 73 74 69 6c 65 5d 20 22 2e 63 6f 6e 63 61 74 28 65 2c 22 2e 22 29 3b 74 68 72 6f 77 20 6e 65 77 20 59 74 28 74 2c 72 29 7d 66 75 6e 63 74 69 6f 6e 20 5f 28 65 29 7b 63 6f 6e 73 6f 6c 65 2e 77 61 72 6e 28 22 5b 43 6c 6f 75 64 66 6c 61 72 65 20 54 75 72 6e 73 74 69 6c 65 5d 20 22 2e 63 6f 6e 63 61 74 28 65 2c 22 2e 22 29 29 7d 66 75 6e 63 74 69 6f 6e 20 62 65 28 65 29 7b 72 65 74 75 72 6e 20 65 2e 73 74 61 72 74 73 Data Ascii: ke(s),"code",void 0),s.name="TurnstileError",s.code=u,s}return t}(Le(Error));function v(e,r){var t="[Cloudflare Turnstile] ".concat(e,".");throw new Yt(t,r)}function _(e){console.warn("[Cloudflare Turnstile] ".concat(e,"."))}function be(e){return e.starts
2024-04-26 19:26:32 UTC	1369	IN	Data Raw: 2e 63 6f 6e 63 61 74 28 53 29 29 3b 69 66 28 21 55 29 7b 64 2e 77 61 74 63 68 63 61 74 2e 6d 69 73 73 69 6e 67 57 69 64 67 65 74 57 61 72 6e 69 6e 67 7c 7c 28 5f 28 22 43 61 6e 6e 6f 74 20 66 69 6e 64 20 57 69 64 67 65 74 20 22 2e 63 6f 6e 63 61 74 28 53 2c 22 2c 20 63 6f 6e 73 69 64 65 72 20 75 73 69 6e 67 20 74 75 72 6e 73 74 69 6c 65 2e 72 65 6d 6f 76 65 28 29 20 74 6f 20 63 6c 65 61 6e 20 75 70 20 61 20 77 69 64 67 65 74 2e 22 29 29 2c 64 2e 77 61 74 63 68 63 61 74 2e 6d 69 73 73 69 6e 67 57 69 64 67 65 74 57 61 72 6e 69 6e 67 3d 21 30 29 3b 63 6f 6e 74 69 6e 75 65 7d 69 66 28 28 64 2e 69 73 45 78 65 63 75 74 69 6e 67 7c 7c 21 64 2e 69 73 49 6e 69 74 69 61 6c 69 7a 65 64 7c 7c 64 2e 69 73 49 6e 69 74 69 61 6c 69 7a 65 64 26 26 21 64 2e 69 73 53 74 61 Data Ascii: .concat(S));if(!U){d.watchcat.missingWidgetWarning\|\|(_("Cannot find Widget ".concat(S,", consider using turnstile.remove() to clean up a widget.")),d.watchcat.missingWidgetWarning=!0);continue}if((d.isExecuting\|\|!d.isInitialized\|\|d.isInitialized&&!d.isSta
2024-04-26 19:26:32 UTC	1369	IN	Data Raw: 65 79 4f 76 65 72 72 69 64 65 73 2e 6f 66 66 6c 61 62 65 6c 29 2c 65 2e 70 61 72 61 6d 73 2e 5f 64 65 62 75 67 53 69 74 65 6b 65 79 4f 76 65 72 72 69 64 65 73 2e 63 6c 65 61 72 61 6e 63 65 5f 6c 65 76 65 6c 21 3d 3d 22 64 65 66 61 75 6c 74 22 26 26 72 2e 73 65 74 28 22 63 6c 65 61 72 61 6e 63 65 5f 6c 65 76 65 6c 22 2c 65 2e 70 61 72 61 6d 73 2e 5f 64 65 62 75 67 53 69 74 65 6b 65 79 4f 76 65 72 72 69 64 65 73 2e 63 6c 65 61 72 61 6e 63 65 5f 6c 65 76 65 6c 29 29 2c 72 2e 73 69 7a 65 21 3d 3d 30 29 72 65 74 75 72 6e 20 72 2e 74 6f 53 74 72 69 6e 67 28 29 7d 66 75 6e 63 74 69 6f 6e 20 73 74 28 65 2c 72 29 7b 76 61 72 20 74 3d 22 68 74 74 70 73 3a 2f 2f 63 68 61 6c 6c 65 6e 67 65 73 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 22 3b 69 66 28 72 29 7b 76 61 Data Ascii: eyOverrides.offlabel),e.params._debugSitekeyOverrides.clearance_level!=="default"&&r.set("clearance_level",e.params._debugSitekeyOverrides.clearance_level)),r.size!==0)return r.toString()}function st(e,r){var t="https://challenges.cloudflare.com";if(r){va
2024-04-26 19:26:32 UTC	1369	IN	Data Raw: 6d 65 6e 74 73 2e 6c 65 6e 67 74 68 3e 31 26 26 61 72 67 75 6d 65 6e 74 73 5b 31 5d 21 3d 3d 76 6f 69 64 20 30 3f 61 72 67 75 6d 65 6e 74 73 5b 31 5d 3a 33 3b 72 65 74 75 72 6e 20 65 2e 6c 65 6e 67 74 68 3e 72 3f 65 2e 73 75 62 73 74 72 69 6e 67 28 30 2c 72 29 3a 65 7d 3b 66 75 6e 63 74 69 6f 6e 20 4a 74 28 65 29 7b 76 61 72 20 72 3d 66 75 6e 63 74 69 6f 6e 28 74 2c 6f 29 7b 69 66 28 21 74 7c 7c 74 2e 74 61 67 4e 61 6d 65 3d 3d 3d 22 42 4f 44 59 22 29 72 65 74 75 72 6e 20 6f 3b 66 6f 72 28 76 61 72 20 75 3d 31 2c 73 3d 74 2e 70 72 65 76 69 6f 75 73 45 6c 65 6d 65 6e 74 53 69 62 6c 69 6e 67 3b 73 3b 29 73 2e 74 61 67 4e 61 6d 65 3d 3d 3d 74 2e 74 61 67 4e 61 6d 65 26 26 75 2b 2b 2c 73 3d 73 2e 70 72 65 76 69 6f 75 73 45 6c 65 6d 65 6e 74 53 69 62 6c 69 6e Data Ascii: ments.length>1&&arguments[1]!==void 0?arguments[1]:3;return e.length>r?e.substring(0,r):e};function Jt(e){var r=function(t,o){if(!t\|\|t.tagName==="BODY")return o;for(var u=1,s=t.previousElementSibling;s;)s.tagName===t.tagName&&u++,s=s.previousElementSiblin

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.22	49171	104.18.3.35	443	3224	C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-26 19:27:01 UTC	669	OUT	GET /favicon.ico HTTP/1.1 Host: pub-386b08e75b554ed78af5f51b01d7e1d8.r2.dev Connection: keep-alive sec-ch-ua: "Not_A Brand";v="99", "Google Chrome";v="109", "Chromium";v="109" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://pub-386b08e75b554ed78af5f51b01d7e1d8.r2.dev/linkofinformationtech.html Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-26 19:27:02 UTC	180	IN	HTTP/1.1 404 Not Found Date: Fri, 26 Apr 2024 19:27:02 GMT Content-Type: text/html Content-Length: 27242 Connection: close Server: cloudflare CF-RAY: 87a8f7c48dd3b3e0-MIA
2024-04-26 19:27:02 UTC	1189	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 20 2f 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 69 63 6f 6e 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 66 61 76 69 63 6f 6e 2e 69 63 6f 22 20 2f 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 73 74 79 Data Ascii: <!DOCTYPE html><html lang="en"> <head> <meta charset="UTF-8" /> <meta name="viewport" content="width=device-width, initial-scale=1.0" /> <link rel="icon" href="https://www.cloudflare.com/favicon.ico" /> <title>Not Found</title> <sty
2024-04-26 19:27:02 UTC	1369	IN	Data Raw: 32 20 7b 0a 20 20 20 20 20 20 20 20 30 25 20 7b 0a 20 20 20 20 20 20 20 20 20 20 74 72 61 6e 73 66 6f 72 6d 3a 20 74 72 61 6e 73 6c 61 74 65 58 28 30 29 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 31 30 25 2c 0a 20 20 20 20 20 20 20 20 35 30 25 20 7b 0a 20 20 20 20 20 20 20 20 20 20 74 72 61 6e 73 66 6f 72 6d 3a 20 74 72 61 6e 73 6c 61 74 65 58 28 35 70 78 29 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 36 30 25 20 7b 0a 20 20 20 20 20 20 20 20 20 20 74 72 61 6e 73 66 6f 72 6d 3a 20 74 72 61 6e 73 6c 61 74 65 58 28 30 29 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 20 20 31 30 30 25 20 7b 0a 20 20 20 20 20 20 20 20 20 20 74 72 61 6e 73 66 6f 72 6d 3a 20 74 72 61 6e 73 6c 61 74 65 58 28 30 70 78 29 3b 0a 20 20 20 20 Data Ascii: 2 { 0% { transform: translateX(0); } 10%, 50% { transform: translateX(5px); } 60% { transform: translateX(0); } 100% { transform: translateX(0px);
2024-04-26 19:27:02 UTC	1369	IN	Data Raw: 20 20 20 20 3c 2f 70 3e 0a 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a 0a 20 20 20 20 20 20 20 20 3c 64 69 76 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 70 20 69 64 3d 22 66 6f 6f 74 65 72 2d 74 69 74 6c 65 22 3e 49 73 20 74 68 69 73 20 79 6f 75 72 20 62 75 63 6b 65 74 3f 3c 2f 70 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 70 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 4c 65 61 72 6e 20 68 6f 77 20 74 6f 20 65 6e 61 62 6c 65 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 61 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 64 65 76 65 6c 6f 70 65 72 73 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 72 32 2f 64 61 74 61 2d 61 63 63 65 73 73 2f 70 75 62 6c 69 63 2d 62 75 63 6b 65 74 73 2f 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 Data Ascii: </p> </div> <div> <p id="footer-title">Is this your bucket?</p> <p> Learn how to enable <a href="https://developers.cloudflare.com/r2/data-access/public-buckets/"
2024-04-26 19:27:02 UTC	1369	IN	Data Raw: 6c 3d 22 23 43 35 45 42 46 35 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 73 74 72 6f 6b 65 3d 22 23 36 45 43 43 45 35 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 73 74 72 6f 6b 65 2d 77 69 64 74 68 3d 22 32 22 0a 20 20 20 20 20 20 20 20 20 20 2f 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 70 61 74 68 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 3d 22 4d 31 32 34 2e 35 36 36 20 31 33 2e 32 37 37 43 31 32 31 2e 30 35 33 20 31 33 2e 32 37 37 20 31 31 38 2e 32 30 34 20 31 30 2e 34 32 38 38 20 31 31 38 2e 32 30 34 20 36 2e 39 31 35 33 34 43 31 31 38 2e 32 30 34 20 33 2e 34 30 31 39 31 20 31 32 31 2e 30 35 33 20 30 2e 35 35 33 37 31 31 20 31 32 34 2e 35 36 36 20 30 2e 35 35 33 37 31 31 43 31 32 38 2e 30 38 20 30 2e 35 35 33 37 31 31 20 31 33 30 2e 39 32 38 20 33 2e 34 30 Data Ascii: l="#C5EBF5" stroke="#6ECCE5" stroke-width="2" /> <path d="M124.566 13.277C121.053 13.277 118.204 10.4288 118.204 6.91534C118.204 3.40191 121.053 0.553711 124.566 0.553711C128.08 0.553711 130.928 3.40
2024-04-26 19:27:02 UTC	1369	IN	Data Raw: 20 20 20 3c 70 61 74 68 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 3d 22 4d 35 36 2e 30 37 37 37 20 31 30 35 2e 34 30 36 4c 36 30 2e 39 37 31 32 20 31 30 36 2e 39 30 36 43 36 30 2e 39 37 31 32 20 31 30 36 2e 39 30 36 20 36 32 2e 34 37 32 20 39 38 2e 33 33 34 35 20 36 37 2e 38 33 30 34 20 39 39 2e 36 31 34 39 43 37 33 2e 31 38 38 38 20 31 30 30 2e 38 39 35 20 37 31 2e 32 35 35 39 20 31 30 38 2e 31 39 35 20 37 31 2e 32 35 35 39 20 31 30 38 2e 31 39 35 48 37 35 2e 35 34 35 39 43 37 35 2e 35 34 35 39 20 31 30 38 2e 31 39 35 20 37 38 2e 33 33 35 33 20 39 35 2e 39 36 31 31 20 36 38 2e 36 38 36 38 20 39 34 2e 30 34 34 35 43 35 39 2e 30 33 38 34 20 39 32 2e 31 32 37 38 20 35 36 2e 30 37 37 37 20 31 30 35 2e 34 30 36 20 35 36 2e 30 37 37 37 20 31 30 35 2e 34 30 36 Data Ascii: <path d="M56.0777 105.406L60.9712 106.906C60.9712 106.906 62.472 98.3345 67.8304 99.6149C73.1888 100.895 71.2559 108.195 71.2559 108.195H75.5459C75.5459 108.195 78.3353 95.9611 68.6868 94.0445C59.0384 92.1278 56.0777 105.406 56.0777 105.406
2024-04-26 19:27:02 UTC	1369	IN	Data Raw: 20 31 32 34 2e 37 31 37 20 31 30 36 2e 39 33 37 43 31 32 34 2e 30 35 38 20 31 30 36 2e 39 33 37 20 31 32 33 2e 34 30 36 20 31 30 37 2e 30 36 37 20 31 32 32 2e 37 39 38 20 31 30 37 2e 33 31 39 43 31 32 32 2e 31 38 39 20 31 30 37 2e 35 37 31 20 31 32 31 2e 36 33 36 20 31 30 37 2e 39 34 31 20 31 32 31 2e 31 37 20 31 30 38 2e 34 30 37 43 31 32 30 2e 37 30 34 20 31 30 38 2e 38 37 32 20 31 32 30 2e 33 33 35 20 31 30 39 2e 34 32 35 20 31 32 30 2e 30 38 33 20 31 31 30 2e 30 33 34 43 31 31 39 2e 38 33 31 20 31 31 30 2e 36 34 32 20 31 31 39 2e 37 30 31 20 31 31 31 2e 32 39 35 20 31 31 39 2e 37 30 31 20 31 31 31 2e 39 35 33 56 31 31 31 2e 39 35 33 5a 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 69 6c 6c 3d 22 23 30 30 35 35 44 43 22 0a 20 20 20 20 20 20 20 20 20 20 Data Ascii: 124.717 106.937C124.058 106.937 123.406 107.067 122.798 107.319C122.189 107.571 121.636 107.941 121.17 108.407C120.704 108.872 120.335 109.425 120.083 110.034C119.831 110.642 119.701 111.295 119.701 111.953V111.953Z" fill="#0055DC"
2024-04-26 19:27:02 UTC	1369	IN	Data Raw: 20 20 20 20 20 20 20 20 20 20 20 20 64 3d 22 4d 31 33 39 2e 37 39 32 20 34 38 2e 39 35 31 36 43 31 33 34 2e 39 39 35 20 34 38 2e 39 35 31 36 20 31 33 31 2e 31 30 36 20 34 35 2e 30 36 32 37 20 31 33 31 2e 31 30 36 20 34 30 2e 32 36 35 36 43 31 33 31 2e 31 30 36 20 33 35 2e 34 36 38 34 20 31 33 34 2e 39 39 35 20 33 31 2e 35 37 39 35 20 31 33 39 2e 37 39 32 20 33 31 2e 35 37 39 35 43 31 34 34 2e 35 38 39 20 33 31 2e 35 37 39 35 20 31 34 38 2e 34 37 38 20 33 35 2e 34 36 38 34 20 31 34 38 2e 34 37 38 20 34 30 2e 32 36 35 36 43 31 34 38 2e 34 37 38 20 34 35 2e 30 36 32 37 20 31 34 34 2e 35 38 39 20 34 38 2e 39 35 31 36 20 31 33 39 2e 37 39 32 20 34 38 2e 39 35 31 36 5a 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 69 6c 6c 3d 22 77 68 69 74 65 22 0a 20 20 20 20 Data Ascii: d="M139.792 48.9516C134.995 48.9516 131.106 45.0627 131.106 40.2656C131.106 35.4684 134.995 31.5795 139.792 31.5795C144.589 31.5795 148.478 35.4684 148.478 40.2656C148.478 45.0627 144.589 48.9516 139.792 48.9516Z" fill="white"
2024-04-26 19:27:02 UTC	1369	IN	Data Raw: 37 34 20 31 31 30 2e 33 35 37 20 34 34 2e 35 31 31 38 20 31 31 31 2e 34 37 32 20 34 34 2e 35 31 33 39 43 31 31 32 2e 35 38 38 20 34 34 2e 35 31 33 39 20 31 31 33 2e 36 35 38 20 34 34 2e 30 37 30 36 20 31 31 34 2e 34 34 37 20 34 33 2e 32 38 31 33 43 31 31 35 2e 32 33 37 20 34 32 2e 34 39 32 31 20 31 31 35 2e 36 38 20 34 31 2e 34 32 31 36 20 31 31 35 2e 36 38 20 34 30 2e 33 30 35 35 43 31 31 35 2e 36 37 38 20 33 39 2e 31 39 30 37 20 31 31 35 2e 32 33 34 20 33 38 2e 31 32 32 34 20 31 31 34 2e 34 34 35 20 33 37 2e 33 33 34 39 43 31 31 33 2e 36 35 36 20 33 36 2e 35 34 37 34 20 31 31 32 2e 35 38 36 20 33 36 2e 31 30 35 32 20 31 31 31 2e 34 37 32 20 33 36 2e 31 30 35 32 43 31 31 30 2e 33 35 38 20 33 36 2e 31 30 37 33 20 31 30 39 2e 32 39 31 20 33 36 2e 35 35 30 Data Ascii: 74 110.357 44.5118 111.472 44.5139C112.588 44.5139 113.658 44.0706 114.447 43.2813C115.237 42.4921 115.68 41.4216 115.68 40.3055C115.678 39.1907 115.234 38.1224 114.445 37.3349C113.656 36.5474 112.586 36.1052 111.472 36.1052C110.358 36.1073 109.291 36.550
2024-04-26 19:27:02 UTC	1369	IN	Data Raw: 20 31 35 32 2e 36 34 31 20 31 32 37 2e 35 35 32 20 31 34 38 2e 32 34 39 20 31 32 37 2e 35 35 32 20 31 34 32 2e 38 33 31 43 31 32 37 2e 35 35 32 20 31 33 37 2e 34 31 32 20 31 33 31 2e 38 31 38 20 31 33 33 2e 30 32 20 31 33 37 2e 30 38 31 20 31 33 33 2e 30 32 43 31 34 32 2e 33 34 34 20 31 33 33 2e 30 32 20 31 34 36 2e 36 31 31 20 31 33 37 2e 34 31 32 20 31 34 36 2e 36 31 31 20 31 34 32 2e 38 33 31 43 31 34 36 2e 36 31 31 20 31 34 38 2e 32 34 39 20 31 34 32 2e 33 34 34 20 31 35 32 2e 36 34 31 20 31 33 37 2e 30 38 31 20 31 35 32 2e 36 34 31 5a 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 66 69 6c 6c 3d 22 23 43 35 45 42 46 35 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 2f 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 67 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 67 Data Ascii: 152.641 127.552 148.249 127.552 142.831C127.552 137.412 131.818 133.02 137.081 133.02C142.344 133.02 146.611 137.412 146.611 142.831C146.611 148.249 142.344 152.641 137.081 152.641Z" fill="#C5EBF5" /> </g> <g
2024-04-26 19:27:02 UTC	1369	IN	Data Raw: 36 2e 37 36 35 56 39 35 2e 32 34 33 37 48 31 30 33 2e 32 35 32 56 37 31 2e 31 39 32 39 5a 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 69 6c 6c 3d 22 23 36 45 43 43 45 35 22 0a 20 20 20 20 20 20 20 20 20 20 2f 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 70 61 74 68 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 3d 22 4d 31 33 37 2e 30 38 37 20 37 35 2e 36 33 35 48 31 34 32 2e 31 37 37 56 37 39 2e 37 33 37 39 48 31 33 37 2e 30 38 37 56 37 35 2e 36 33 35 5a 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 69 6c 6c 3d 22 23 30 30 35 35 44 43 22 0a 20 20 20 20 20 20 20 20 20 20 2f 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 70 61 74 68 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 3d 22 4d 31 32 39 2e 38 35 32 20 37 35 2e 36 33 35 48 31 33 34 2e 39 33 34 56 37 39 2e 37 33 37 39 48 Data Ascii: 6.765V95.2437H103.252V71.1929Z" fill="#6ECCE5" /> <path d="M137.087 75.635H142.177V79.7379H137.087V75.635Z" fill="#0055DC" /> <path d="M129.852 75.635H134.934V79.7379H

Target ID:	0
Start time:	21:26:10
Start date:	26/04/2024
Path:	C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /Automation -Embedding
Imagebase:	0x13f1c0000
File size:	1'423'704 bytes
MD5 hash:	9EE74859D22DAE61F1750B3A1BACB6F5
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	2
Start time:	21:26:23
Start date:	26/04/2024
Path:	C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://pub-386b08e75b554ed78af5f51b01d7e1d8.r2.dev/linkofinformationtech.html#am9lc0BvYXBjLmNvbQ==
Imagebase:	0x13f0e0000
File size:	3'151'128 bytes
MD5 hash:	FFA2B8E17F645BCC20F0E0201FEF83ED
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	false

Show Windows behavior

Target ID:	3
Start time:	21:26:24
Start date:	26/04/2024
Path:	C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1408 --field-trial-handle=1276,i,9089814840846958116,12399007445428580176,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x13f0e0000
File size:	3'151'128 bytes
MD5 hash:	FFA2B8E17F645BCC20F0E0201FEF83ED
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	false

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report MSG.docx

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

System Summary

Snort Signatures

Joe Sandbox Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Hooking and other Techniques for Hiding and Protection

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

QR Codes

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\3B083CB6.png

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\F694EF49.png

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRF{89E871C7-A4A1-42CB-8C0A-A87B5A9E4683}.tmp

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{67B84FBD-E5CF-484E-8E16-CA82898FEABF}.tmp

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{F6481146-C418-4192-8EA3-C130B10535CF}.tmp

C:\Users\user\AppData\Local\Temp\mso7E34.tmp

C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\MSG.LNK

C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat

C:\Users\user\AppData\Roaming\Microsoft\Templates\~$Normal.dotm

C:\Users\user\Desktop\~$MSG.docx

Chrome Cache Entry: 100

Chrome Cache Entry: 98

Chrome Cache Entry: 99

Static File Info

General

File Icon

Static OLE Info

General

OLE File "MSG.docx"

Indicators

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

ICMP Packets

DNS Queries

Windows Analysis Report
MSG.docx